Windows Analysis Report
SecuriteInfo.com.FileRepMalware.24523.15488.exe

Overview

General Information

Sample Name:SecuriteInfo.com.FileRepMalware.24523.15488.exe
Analysis ID:1266312
MD5:0d978e2a8f4d8fe4a9e454c6c39c1605
SHA1:10ae3aaec8d32152c4b5d162032577cadd4cbb87
SHA256:3ef974b30f539ea369c0e115c52680a9d25e139defd959603702a2734da47d42
Tags:exe

Detection

Score:6
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Creates a DirectInput object (often for capturing keystrokes)
Uses 32bit PE files
Tries to load missing DLLs
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Uses code obfuscation techniques (call, push, ret)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Program does not show much activity (idle)

Classification

Classification chart axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale: clean, suspicious, malicious
  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: \Code1\Output\NeoUsb.pdb source: SecuriteInfo.com.FileRepMalware.24523.15488.exe
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | String found in binary or memory: b[0-9a-zA-Z]{6,16}\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*163.commail.163.comvip.163.comvip.163.com126.commail.126.comqq.comvip.qq.comfoxmail.commail.qq.comgmail.commail.google.comsohu.commail.sohu.comtom.commail.tom.comvip.sina.comvip.sina.comsina.com.cnsina.commail.sina.com.cnyahoo.com.cnyahoo.cnmail.cn.yahoo.comyeah.netwww.yeah.net21cn.commail.21cn.comhotmail.comwww.hotmail.comsogou.commail.sogou.com188.comwww.188.com139.commail.10086.com189.comwebmail130.189.cn/smsmailetang.cnmail.etang.cneyou.comwww.eyou.comacrox.eevision.comhttp://%s/api/usersacrox.eevision.comhttp://%s/api/country_language GETcountry_combodatadatanamecodeGETlanguage_combodatadatalanguageid%dcloud_funtion_tab_layoutacrox.eevision.comhttp://%s/api/authorizationsus_idcloud_id_edit(u7b equals www.hotmail.com (Hotmail)
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | String found in binary or memory: b[0-9a-zA-Z]{6,16}\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*163.commail.163.comvip.163.comvip.163.com126.commail.126.comqq.comvip.qq.comfoxmail.commail.qq.comgmail.commail.google.comsohu.commail.sohu.comtom.commail.tom.comvip.sina.comvip.sina.comsina.com.cnsina.commail.sina.com.cnyahoo.com.cnyahoo.cnmail.cn.yahoo.comyeah.netwww.yeah.net21cn.commail.21cn.comhotmail.comwww.hotmail.comsogou.commail.sogou.com188.comwww.188.com139.commail.10086.com189.comwebmail130.189.cn/smsmailetang.cnmail.etang.cneyou.comwww.eyou.comacrox.eevision.comhttp://%s/api/usersacrox.eevision.comhttp://%s/api/country_language GETcountry_combodatadatanamecodeGETlanguage_combodatadatalanguageid%dcloud_funtion_tab_layoutacrox.eevision.comhttp://%s/api/authorizationsus_idcloud_id_edit(u7b equals www.yahoo.com (Yahoo)
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | String found in binary or memory: http://%s/api/usersacrox.eevision.comhttp://%s/api/country_language
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | String found in binary or memory: http://acrox.eevision.com/api/updatesapp_key=%s&version=%d&version=%xPOSTpathnameversion_nameversion
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | String found in binary or memory: http://www.a-jazz.comopenmacro_actionsynchro_device_selectdevice_selectVirtual7.1_Op_tabR_light_slid
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe, 00000000.00000002.643214518.0000000000C6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Section loaded: hookdll.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Section loaded: duilib.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_00152810 | 0_2_00152810
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_0036C83D | 0_2_0036C83D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_0036512D | 0_2_0036512D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_0034A176 | 0_2_0034A176
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_0034F21F | 0_2_0034F21F
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_00354360 | 0_2_00354360
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_0020C6A0 | 0_2_0020C6A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_0034EFF0 | 0_2_0034EFF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: String function: 00208830 appears 44 times
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: classification engine | Classification label: clean6.winEXE@1/0@0/0
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static file information: File size 3746816 > 1048576
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x237800
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: More than 200 imports for USER32.dll
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: More than 200 imports for DuiLib.dll
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_0034551E push ecx; ret | 0_2_00345531
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_00345686 push ecx; ret | 0_2_00345699
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Static PE information: section name: .giats
Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_0034D49D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_0034D49D
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_00359CE3 mov eax, dword ptr fs:[00000030h] | 0_2_00359CE3
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_0034530B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_0034530B
Source: SecuriteInfo.com.FileRepMalware.24523.15488.exe | Binary or memory string: {Noto Sans CJK TC RegularVerdana Unicode MSLanguage.configLanguageLanguage_nameLanguageLanguage_fileLanguageLanguage_IDmenu.xmlShell_TrayWndacroxms_dkey_test_0entimerwindowinitwindowsizecolorchangedclickmsleavemsenterselectchangedvaluechangedmovevaluechangeditemselectitemclicktextchangedclick_wpremoveclick_wpaddclick_wpeditclick_wpselectkillfocusclick_select_endAudioFile.jsonAudioFile.jsonDeviceDeviceclosebtnnodevice_ok_btncontrol_light_statuscontrol_light_status
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: EnumSystemLocalesW, | 0_2_00360B7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 0_2_0036ABB8
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW, | 0_2_0036A454
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, | 0_2_0036AD8C
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: EnumSystemLocalesW, | 0_2_0036A6CC
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: EnumSystemLocalesW, | 0_2_0036A717
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: GetLocaleInfoW, | 0_2_00360FB4
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: EnumSystemLocalesW, | 0_2_0036A7B2
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_00345924 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, | 0_2_00345924
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_00157C70 ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z,?BindTabLayoutName@CButtonUI@DuiLib@@QAEXPB_W@Z,?BindTabIndex@CButtonUI@DuiLib@@QAEXH@Z, | 0_2_00157C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_00157CE0 ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z,?GetBindTabLayoutIndex@CButtonUI@DuiLib@@QAEHXZ, | 0_2_00157CE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe | Code function: 0_2_00157D40 ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z,?GetBindTabLayoutName@CButtonUI@DuiLib@@QAEPB_WXZ, | 0_2_00157D40
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: 1 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 DLL Side-Loading; 2 Obfuscated Files or Information
Credential Access: 1 Input Capture; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Time Discovery; 1 Security Software Discovery; 1 Process Discovery; 12 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: 1 Input Capture; 1 Archive Collected Data; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: 1 Encrypted Channel; Junk Data; Steganography; Protocol Impersonation
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
Impact: Modify System Partition; Device Lockout; Delete Device Data
Behavior Graph ID: 1266312; Sample: SecuriteInfo.com.FileRepMal...; Startdate: 04/07/2023; Architecture: WINDOWS; Score: 6; process SecuriteInfo.com.FileRepMalware.24523.15488.exe started

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| SecuriteInfo.com.FileRepMalware.24523.15488.exe | 0% | ReversingLabs | | |
| SecuriteInfo.com.FileRepMalware.24523.15488.exe | 0% | Virustotal | | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://www.a-jazz.comopenmacro_actionsynchro_device_selectdevice_selectVirtual7.1_Op_tabR_light_slid | 0% | Avira URL Cloud | safe | |
| http://%s/api/usersacrox.eevision.comhttp://%s/api/country_language | 0% | Avira URL Cloud | safe | |

No contacted domains info

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://%s/api/usersacrox.eevision.comhttp://%s/api/country_language | SecuriteInfo.com.FileRepMalware.24523.15488.exe | false | Avira URL Cloud: safe | low |
| http://www.a-jazz.comopenmacro_actionsynchro_device_selectdevice_selectVirtual7.1_Op_tabR_light_slid | SecuriteInfo.com.FileRepMalware.24523.15488.exe | false | Avira URL Cloud: safe | low |

No contacted IP infos
Joe Sandbox Version:38.0.0 Beryl
Analysis ID:1266312
Start date and time:2023-07-04 04:29:11 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 8s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample file name:SecuriteInfo.com.FileRepMalware.24523.15488.exe
Detection:CLEAN
Classification:clean6.winEXE@1/0@0/0
EGA Information:Failed
HDC Information:
  • Successful, ratio: 100% (good quality ratio 92.1%)
  • Quality average: 77.3%
  • Quality standard deviation: 30%
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 136
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
  • Execution Graph export aborted for target SecuriteInfo.com.FileRepMalware.24523.15488.exe, PID 5612 because there are no executed function
  • Not all processes where analyzed, report is missing behavior information
No simulations
No context
No created / dropped files found
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.051786953056219
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:SecuriteInfo.com.FileRepMalware.24523.15488.exe
File size:3'746'816 bytes
MD5:0d978e2a8f4d8fe4a9e454c6c39c1605
SHA1:10ae3aaec8d32152c4b5d162032577cadd4cbb87
SHA256:3ef974b30f539ea369c0e115c52680a9d25e139defd959603702a2734da47d42
SHA512:e2b608ccab06f635413e6db689cb417608a9521b9ed8ceb770da1384cc0f72c960e387abe6d398036c1d4ceec9331bc2b4f4ce26a0179cbc221733d67e50e0e5
SSDEEP:49152:3A1PpDoPUb0k+iQWzeiKIXruxHslt1NrC0jypy5SIB133/:mPpDocb0k+iXCiKIbQHUt1NO0jypy5
TLSH:1E065A117E90C836EFA302314A5BB1F9356DAD70D72580DB63CC2E2D39746E26A35A37
File Content Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......0..bt..1t..1t..1.jY1h..1.j[1...1.jZ1V..1.Vo1u..1...0v..1...0v..1..f1~..1..g1u..1..x1v..1O..0m..1O..0P..1O..0...1ok41v..1...1w..
Icon Hash:8d3673c98973369c
Entrypoint:0x5f4cbe
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x63BFD154 [Thu Jan 12 09:22:28 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:5e85b9e19c709e8d932c6f836aa7ce75
Instruction
call 00007F6F1C9A1F26h
jmp 00007F6F1C9A1153h
cmp ecx, dword ptr [006C4F64h]
jne 00007F6F1C9A12C5h
ret
jmp 00007F6F1C9A1920h
push ebp
mov ebp, esp
test byte ptr [ebp+08h], 00000001h
push esi
mov esi, ecx
mov dword ptr [esi], 00666C10h
je 00007F6F1C9A12CCh
push 0000000Ch
push esi
call 00007F6F1C9A1ADCh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
push ebp
mov ebp, esp
mov eax, dword ptr [006C4F64h]
and eax, 1Fh
push 00000020h
pop ecx
sub ecx, eax
mov eax, dword ptr [ebp+08h]
ror eax, cl
xor eax, dword ptr [006C4F64h]
pop ebp
ret
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F6F1C9A12DBh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F6F1C9A12CCh
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F6F1C9A12CEh
add edx, 28h
cmp edx, esi
jne 00007F6F1C9A12ACh
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F6F1C9A12BBh
call 00007F6F1C9A231Eh
test eax, eax
jne 00007F6F1C9A12C5h
xor al, al
ret
mov eax, dword ptr fs:[00000018h]
push esi
mov esi, 006D1668h
mov edx, dword ptr [eax+04h]
jmp 00007F6F1C9A12C6h
cmp edx, eax
je 00007F6F1C9A12D2h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
Programming Language:
  • [IMP] VS2010 SP1 build 40219
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b969c | 0x1b8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2f6000 | 0x82f58 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x379000 | 0x2b48c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2961d0 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x29629c | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x296240 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x239000 | 0x11c8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x237747 | 0x237800 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x239000 | 0x8a434 | 0x8a600 | False | 0.2621174909665763 | data | 5.058463045396287 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2c4000 | 0x15c80 | 0x8000 | False | 0.24920654296875 | data | 4.914418692261183 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .gfids | 0x2da000 | 0x19fe8 | 0x1a000 | False | 0.29842435396634615 | data | 4.2456915864786895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .giats | 0x2f4000 | 0x10 | 0x200 | False | 0.05078125 | data | 0.15517757530476972 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .tls | 0x2f5000 | 0x9 | 0x200 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x2f6000 | 0x82f58 | 0x83000 | False | 0.018523005128816793 | data | 1.6215106669304558 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x379000 | 0x2b48c | 0x2b600 | False | 0.46630155799711814 | data | 6.563620168823668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x2f6270 | 0x413c8 | Device independent bitmap graphic, 256 x 506 x 32, image size 259072, resolution 11811 x 11811 px/m | Chinese | China | 0.016679889823657975 |
| RT_ICON | 0x337650 | 0x413c8 | Device independent bitmap graphic, 256 x 506 x 32, image size 259072, resolution 11811 x 11811 px/m | Chinese | China | 0.016679889823657975 |
| RT_MENU | 0x378a30 | 0x50 | data | Chinese | China | 0.8375 |
| RT_DIALOG | 0x378a90 | 0x118 | data | Chinese | China | 0.6178571428571429 |
| RT_STRING | 0x378ba8 | 0x84 | data | Chinese | China | 0.7045454545454546 |
| RT_ACCELERATOR | 0x378a80 | 0x10 | data | Chinese | China | 1.25 |
| RT_GROUP_ICON | 0x337638 | 0x14 | data | Chinese | China | 1.2 |
| RT_GROUP_ICON | 0x378a18 | 0x14 | data | Chinese | China | 1.25 |
| RT_MANIFEST | 0x378c30 | 0x327 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (747), with CRLF line terminators | English | United States | 0.5241635687732342 |
| DLL | Import |
|---|---|
| HID.DLL | HidD_SetOutputReport, HidD_GetHidGuid, HidD_GetPreparsedData, HidD_GetAttributes, HidP_GetCaps, HidP_GetSpecificButtonCaps, HidP_GetSpecificValueCaps, HidP_MaxUsageListLength, HidP_GetUsages, HidP_GetUsageValue, HidP_GetScaledUsageValue |
| HookDLL.dll | ?UnInstallHook@@YAHPAUHWND__@@@Z, ?InstallHook@@YAHPAUHWND__@@H@Z |
| KERNEL32.dll | GetACP, IsValidLocale, EnumSystemLocalesW, GetConsoleCP, GetConsoleMode, SetFilePointerEx, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, GetStartupInfoW, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStdHandle, GetUserDefaultLCID, SearchPathW, GetProfileIntW, GetTempFileNameW, VerifyVersionInfoW, VerSetConditionMask, GetWindowsDirectoryW, FindResourceExW, GetCurrentDirectoryW, lstrcpyW, SystemTimeToTzSpecificLocalTime, GetFileTime, GetFileSizeEx, GetFileAttributesExW, GetFileAttributesW, FileTimeToLocalFileTime, VirtualProtect, GlobalFlags, DuplicateHandle, UnlockFile, WriteConsoleW, GetFileType, WaitForSingleObjectEx, SetStdHandle, SetFilePointer, SetEndOfFile, LockFile, GetVolumeInformationW, GetFullPathNameW, FlushFileBuffers, GetUserDefaultUILanguage, GetLocaleInfoW, CompareStringW, GlobalFindAtomW, GlobalAddAtomW, lstrcmpW, GlobalDeleteAtom, FreeLibrary, GetSystemDirectoryW, GetCommandLineW, ResumeThread, SetThreadPriority, GetCurrentThreadId, QueryPerformanceFrequency, FileTimeToSystemTime, GlobalGetAtomNameW, lstrcmpA, LocalReAlloc, LocalAlloc, GlobalHandle, GlobalReAlloc, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSection, LoadLibraryW, LoadLibraryA, GetModuleHandleA, GetCurrentProcessId, SetLastError, CopyFileW, FormatMessageW, MulDiv, LocalFree, GlobalUnlock, GlobalLock, GlobalSize, GlobalAlloc, CancelIo, GetOverlappedResult, GetProcessHeap, DecodePointer, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, InitializeCriticalSectionEx, OutputDebugStringA, HeapFree, GetTempPathW, DeleteCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, CreateMutexW, FreeResource, ReadFile, GetFileSize, lstrlenW, OpenMutexW, EnterCriticalSection, GetCurrentProcess, lstrcmpiW, GetLocalTime, FindClose, WideCharToMultiByte, GlobalFree, MultiByteToWideChar, CloseHandle, WriteFile, CreateFileW, GetModuleHandleW, VirtualQuery, GetProcAddress, GetLastError, LoadLibraryExW, GetModuleFileNameW, GetVersionExW, GetTickCount, WaitForSingleObject, CreateDirectoryW, WritePrivateProfileStringW, FindFirstFileW, Sleep, ExitThread, ResetEvent, TerminateThread, WaitForMultipleObjects, SetEvent, FindResourceW, LoadResource, LockResource, SizeofResource, CreateThread, CreateEventW, DeleteFileW, OutputDebugStringW, GetCommandLineA, HeapQueryInformation, ExitProcess, GetModuleHandleExW, FreeLibraryAndExitThread, RtlUnwind, GetStringTypeW, LCMapStringW, VirtualAlloc, GetSystemInfo, EncodePointer, GetCPInfo |
| USER32.dll | SendMessageW, GetWindowRect, GetCursorPos, PtInRect, CharNextW, IntersectRect, IsWindow, IsChild, OffsetRect, SetWindowPos, ShowWindow, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, ClientToScreen, SetMenuItemInfoW, SetWindowLongW, IsWindowEnabled, GetDoubleClickTime, FindWindowW, SetTimer, ChangeWindowMessageFilter, GetKeyState, GetSystemMetrics, IsWindowVisible, GetMonitorInfoW, MonitorFromWindow, PostMessageW, SendMessageTimeoutW, LoadIconW, UnregisterDeviceNotification, RegisterDeviceNotificationW, SystemParametersInfoW, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, ValidateRect, GetClassInfoExW, IsZoomed, GetActiveWindow, PeekMessageW, DispatchMessageW, TranslateMessage, BroadcastSystemMessageW, KillTimer, IsMenu, DestroyWindow, GetWindowPlacement, SetWindowPlacement, BeginDeferWindowPos, DeferWindowPos, EndDeferWindowPos, GetDlgItem, GetDlgCtrlID, GetCapture, GetMenu, SetMenu, TrackPopupMenu, UpdateWindow, SetActiveWindow, GetForegroundWindow, GetMenuStringW, GetMenuState, GetSubMenu, GetMenuItemID, GetMenuItemCount, InsertMenuW, AppendMenuW, SetForegroundWindow, BeginPaint, EndPaint, RedrawWindow, ScrollWindow, SetScrollPos, GetScrollPos, SetScrollRange, GetScrollRange, ShowScrollBar, SetPropW, GetPropW, RemovePropW, PostQuitMessage, InvalidateRect, RegisterWindowMessageW, LoadBitmapW, GetMessagePos, GetMessageTime, DefWindowProcW, CallWindowProcW, RegisterClassW, CreateWindowExW, GetClassInfoW, GetMessageW, GetWindowTextLengthW, GetWindowTextW, LoadCursorW, GetSysColorBrush, GetSysColor, ReleaseDC, GetDC, GetFocus, SetFocus, GetLastActivePopup, GetWindowThreadProcessId, GetParent, GetWindowLongW, MessageBoxW, GetClientRect, AdjustWindowRectEx, ScreenToClient, MapWindowPoints, CopyRect, EnableWindow, IsIconic, TranslateAcceleratorW, DestroyCursor, GetWindowRgn, CreateMenu, SubtractRect, TranslateMDISysAccel, DefMDIChildProcW, DefFrameProcW, DrawMenuBar, GetUpdateRect, IsClipboardFormatAvailable, CharUpperBuffW, RegisterClipboardFormatW, ModifyMenuW, SetMenuDefaultItem, LockWindowUpdate, SetRect, CopyAcceleratorTableW, DestroyAcceleratorTable, CreateAcceleratorTableW, GetKeyboardState, ToUnicodeEx, MapVirtualKeyExW, IsCharLowerW, GetKeyboardLayout, WaitMessage, PostThreadMessageW, GetComboBoxInfo, ReuseDDElParam, UnpackDDElParam, InsertMenuItemW, EqualRect, LoadAcceleratorsW, MonitorFromPoint, UpdateLayeredWindow, UnionRect, DrawIcon, FrameRect, CopyIcon, SetCursorPos, BringWindowToTop, GetSystemMenu, DrawFrameControl, DrawEdge, DrawStateW, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, SetParent, SetWindowRgn, SetClassLongW, EnumDisplayMonitors, SetLayeredWindowAttributes, LoadMenuW, GetKeyNameTextW, MapVirtualKeyW, NotifyWinEvent, InvertRect, HideCaret, EnableScrollBar, MessageBeep, GetIconInfo, DrawIconEx, IsRectEmpty, DrawFocusRect, WindowFromPoint, ReleaseCapture, SetCapture, GetNextDlgGroupItem, GetMenuDefaultItem, CreatePopupMenu, DeleteMenu, SetCursor, ShowOwnedPopups, LoadImageW, TrackMouseEvent, MapDialogRect, GetAsyncKeyState, SetRectEmpty, SendDlgItemMessageA, CopyImage, InflateRect, GetMenuItemInfoW, DestroyMenu, FillRect, GetWindowDC, TabbedTextOutW, GrayStringW, DrawTextExW, DrawTextW, RealChildWindowFromPoint, CharUpperW, DestroyIcon, GetDesktopWindow, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamW, IsDialogMessageW, SetWindowTextW, CheckDlgButton, MoveWindow, WinHelpW, GetScrollInfo, SetScrollInfo, GetWindow, GetTopWindow, GetClassNameW, GetClassLongW, RemoveMenu |
| GDI32.dll | SetDIBColorTable, CreateEllipticRgn, Ellipse, GetTextColor, CreatePolygonRgn, Polygon, Polyline, CreateRoundRectRgn, LPtoDP, Rectangle, GetRgnBox, OffsetRgn, RoundRect, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, ExtFloodFill, SetPaletteEntries, SetPixelV, GetWindowOrgEx, GetViewportOrgEx, GetTextFaceW, StretchBlt, SetPixel, GetTextCharsetInfo, EnumFontFamiliesW, CreateDIBitmap, CreateCompatibleBitmap, GetBkColor, RealizePalette, GetSystemPaletteEntries, GetPaletteEntries, GetNearestPaletteIndex, CreatePalette, EnumFontFamiliesExW, DPtoLP, SetRectRgn, PatBlt, CreateRectRgnIndirect, CombineRgn, GetTextMetricsW, GetTextExtentPoint32W, CreateFontIndirectW, ScaleWindowExtEx, ScaleViewportExtEx, OffsetWindowOrgEx, OffsetViewportOrgEx, SetWindowOrgEx, SetWindowExtEx, SetViewportOrgEx, SetViewportExtEx, ExtTextOutW, TextOutW, MoveToEx, SetTextAlign, SetROP2, SetPolyFillMode, GetLayout, SetLayout, SetMapMode, SetBkMode, SelectPalette, SelectObject, ExtSelectClipRgn, SelectClipRgn, SaveDC, RestoreDC, RectVisible, PtVisible, LineTo, IntersectClipRect, GetWindowExtEx, GetViewportExtEx, GetStockObject, GetPixel, GetObjectType, GetClipBox, ExcludeClipRect, Escape, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, CreateCompatibleDC, BitBlt, DeleteObject, GetObjectW, SetTextColor, SetBkColor, CreateBitmap, GetDeviceCaps, CreateDCW, CopyMetaFileW, AddFontMemResourceEx, RemoveFontMemResourceEx, CreateDIBSection |
MSIMG32.dllAlphaBlend, TransparentBlt
COMDLG32.dllGetOpenFileNameW, GetSaveFileNameW
WINSPOOL.DRVClosePrinter, DocumentPropertiesW, OpenPrinterW
ADVAPI32.dllRegDeleteKeyW, RegGetValueW, RegOpenKeyExW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegCreateKeyExW, RegDeleteValueW, RegEnumKeyExW
SHELL32.dllSHGetSpecialFolderPathW, SHAppBarMessage, DragFinish, DragQueryFileW, SHBrowseForFolderW, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetFileInfoW, ShellExecuteExW, ShellExecuteW
SHLWAPI.dllStrCatW, StrStrIW, PathFindExtensionW, PathFindFileNameW, PathRemoveFileSpecW, PathIsUNCW, PathStripToRootW, StrFormatKBSizeW, PathFileExistsW
UxTheme.dllGetThemePartSize, GetThemeSysColor, IsThemeBackgroundPartiallyTransparent, IsAppThemed, DrawThemeText, DrawThemeParentBackground, OpenThemeData, CloseThemeData, DrawThemeBackground, GetThemeColor, GetCurrentThemeName, GetWindowTheme
ole32.dllCoInitialize, OleInitialize, OleUninitialize, CoUninitialize, CoTaskMemAlloc, CoTaskMemFree, OleDuplicateData, ReleaseStgMedium, CoInitializeEx, CoCreateInstance, CoDisconnectObject, CreateStreamOnHGlobal, DoDragDrop, OleGetClipboard, CoLockObjectExternal, RegisterDragDrop, RevokeDragDrop, OleLockRunning, OleCreateMenuDescriptor, OleDestroyMenuDescriptor, OleTranslateAccelerator, IsAccelerator
OLEAUT32.dllVariantTimeToSystemTime, SystemTimeToVariantTime, SysStringLen, VariantInit, SysFreeString, LoadTypeLib, SysAllocStringLen, SysAllocString, VarBstrFromDate, VariantChangeType, VariantCopy, VariantClear
IMM32.dllImmReleaseContext, ImmGetContext, ImmGetOpenStatus
gdiplus.dllGdipCreateFromHDC, GdipDeleteGraphics, GdipCreateSolidFill, GdipDeleteBrush, GdipFree, GdipAlloc, GdipCloneBrush, GdipFillPieI, GdipReleaseDC, GdipSetSmoothingMode, GdipFillEllipseI, GdipFillRectangleI, GdiplusShutdown, GdiplusStartup, GdipCloneImage, GdipDisposeImage, GdipGetImageGraphicsContext, GdipGetImageWidth, GdipGetImageHeight, GdipGetImagePixelFormat, GdipGetImagePalette, GdipGetImagePaletteSize, GdipCreateBitmapFromStream, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDrawImageI, GdipCreateBitmapFromHBITMAP, GdipSetInterpolationMode, GdipDrawImageRectI
DuiLib.dll
WINHTTP.dllWinHttpGetIEProxyConfigForCurrentUser, WinHttpGetProxyForUrl, WinHttpWriteData, WinHttpQueryDataAvailable, WinHttpCrackUrl, WinHttpOpen, WinHttpConnect, WinHttpOpenRequest, WinHttpSendRequest, WinHttpReceiveResponse, WinHttpQueryHeaders, WinHttpCloseHandle, WinHttpReadData, WinHttpSetOption, WinHttpAddRequestHeaders, WinHttpSetTimeouts
OLEACC.dllAccessibleObjectFromWindow, LresultFromObject, CreateStdAccessibleObject
WINMM.dllPlaySoundW
SETUPAPI.dllSetupDiDestroyDeviceInfoList, SetupDiGetDeviceInterfaceDetailW, SetupDiEnumDeviceInterfaces, SetupDiGetClassDevsW
Language of compilation system | Country where language is spoken
Chinese | China
English | United States
No network behavior found


Target ID:0
Start time:04:30:03
Start date:04/07/2023
Path:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.24523.15488.exe
Imagebase:0x150000
File size:3'746'816 bytes
MD5 hash:0D978E2A8F4D8FE4A9E454C6C39C1605
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low

Non-executed Functions

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4030,000000FF,48591883,?,00376254,000000FF), ref: 001528B8
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4034,000000FF,?,00376254,000000FF), ref: 0015294E
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4038,000000FF,?,00376254,000000FF), ref: 001529DC
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D403C,000000FF,?,00376254,000000FF), ref: 00152A6F
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4040,000000FF,?,00376254,000000FF), ref: 00152AFF
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4044,000000FF,?,00376254,000000FF), ref: 00152B93
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4048,000000FF,?,00376254,000000FF), ref: 00152C23
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D404C,000000FF,?,00376254,000000FF), ref: 00152CB6
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4050,000000FF,?,00376254,000000FF), ref: 00152D41
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4054,000000FF,?,00376254,000000FF), ref: 00152DCE
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4058,000000FF,?,00376254,000000FF), ref: 00152E55
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: 0FB$<IB$\DB$hGB
  • API String ID: 2284767783-3047158677
  • Opcode ID: 71ccf639788e03c6cb15b7e4196a230a99d691d2421949769a6dae776a6214fc
  • Instruction ID: 7f6ac9ba1cd64f60966554492deea0c80a635ce6e2509d8dea967e1154817f29
  • Opcode Fuzzy Hash: 71ccf639788e03c6cb15b7e4196a230a99d691d2421949769a6dae776a6214fc
  • Instruction Fuzzy Hash: 90E10C6432928097E324EBB4FC147523262EFE9310F90A53DD529CB7F5E7BA4946870E
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 65%
			E0036C83D(void* __ebx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20, intOrPtr _a24) {
				signed int _v8;
				char _v460;
				signed int _v464;
				void _v468;
				signed int _v472;
				signed int _v932;
				signed int _v936;
				signed int _v1392;
				signed int _v1396;
				signed int _v1400;
				char _v1860;
				signed int _v1864;
				signed int _v1865;
				signed int _v1872;
				signed int _v1876;
				signed int _v1880;
				signed int _v1884;
				signed int _v1888;
				signed int _v1892;
				signed int _v1896;
				intOrPtr _v1900;
				signed int _v1904;
				signed int _v1908;
				signed int _v1912;
				signed int _v1916;
				signed int _v1920;
				signed int _v1924;
				signed int _v1928;
				char _v1936;
				char _v1944;
				char _v2404;
				signed int _v2408;
				signed int _v2436;
				signed int _t724;
				signed int _t734;
				signed int _t735;
				signed int _t746;
				signed int _t751;
				signed int _t752;
				signed int _t758;
				signed int _t764;
				intOrPtr _t766;
				void* _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t779;
				signed int _t784;
				signed int _t785;
				signed int _t786;
				signed int _t789;
				signed int _t790;
				signed int _t791;
				signed int _t793;
				signed int _t794;
				signed int _t795;
				signed int _t796;
				signed int _t801;
				signed int _t802;
				signed int _t808;
				signed int _t809;
				signed int _t812;
				signed int _t817;
				signed int _t825;
				signed int* _t828;
				signed int _t832;
				signed int _t843;
				signed int _t844;
				signed int _t846;
				char* _t847;
				signed int _t850;
				signed int _t854;
				signed int _t855;
				signed int _t860;
				signed int _t862;
				signed int _t867;
				signed int _t876;
				signed int _t879;
				signed int _t881;
				signed int _t884;
				signed int _t885;
				signed int _t886;
				signed int _t889;
				signed int _t902;
				signed int _t903;
				signed int _t905;
				char* _t906;
				signed int _t909;
				signed int _t913;
				signed int _t914;
				signed int* _t916;
				signed int _t919;
				signed int _t921;
				signed int _t926;
				signed int _t934;
				signed int _t937;
				signed int _t941;
				signed int* _t948;
				intOrPtr _t950;
				void* _t951;
				intOrPtr* _t953;
				signed int* _t957;
				unsigned int _t968;
				signed int _t969;
				void* _t972;
				signed int _t973;
				void* _t975;
				signed int _t976;
				signed int _t977;
				signed int _t978;
				signed int _t988;
				signed int _t993;
				signed int _t996;
				unsigned int _t999;
				signed int _t1000;
				void* _t1003;
				signed int _t1004;
				void* _t1006;
				signed int _t1007;
				signed int _t1008;
				signed int _t1009;
				signed int _t1014;
				signed int* _t1019;
				signed int _t1021;
				signed int _t1031;
				void _t1034;
				signed int _t1037;
				void* _t1040;
				signed int _t1047;
				signed int _t1054;
				signed int _t1055;
				signed int _t1058;
				signed int _t1059;
				signed int _t1061;
				signed int _t1062;
				signed int _t1063;
				signed int _t1067;
				signed int _t1071;
				signed int _t1072;
				signed int _t1073;
				signed int _t1075;
				signed int _t1076;
				signed int _t1077;
				signed int _t1078;
				signed int _t1079;
				signed int _t1080;
				signed int _t1082;
				signed int _t1083;
				signed int _t1084;
				signed int _t1085;
				signed int _t1086;
				signed int _t1087;
				unsigned int _t1088;
				void* _t1091;
				intOrPtr _t1093;
				signed int _t1094;
				signed int _t1095;
				signed int _t1096;
				signed int* _t1100;
				void* _t1104;
				void* _t1105;
				signed int _t1106;
				signed int _t1107;
				signed int _t1108;
				signed int _t1111;
				signed int _t1112;
				signed int _t1117;
				signed int _t1119;
				signed int _t1122;
				char _t1127;
				signed int _t1129;
				signed int _t1130;
				signed int _t1131;
				signed int _t1132;
				signed int _t1133;
				signed int _t1134;
				signed int _t1135;
				signed int _t1139;
				signed int _t1140;
				signed int _t1141;
				signed int _t1142;
				signed int _t1143;
				unsigned int _t1146;
				void* _t1150;
				void* _t1151;
				unsigned int _t1152;
				signed int _t1157;
				signed int _t1158;
				signed int _t1160;
				signed int _t1161;
				intOrPtr* _t1163;
				signed int _t1164;
				signed int _t1166;
				signed int _t1167;
				signed int _t1170;
				signed int _t1172;
				signed int _t1173;
				void* _t1174;
				signed int _t1175;
				signed int _t1176;
				signed int _t1177;
				void* _t1180;
				signed int _t1181;
				signed int _t1182;
				signed int _t1183;
				signed int _t1184;
				signed int _t1185;
				signed int* _t1188;
				signed int _t1189;
				signed int _t1190;
				signed int _t1191;
				signed int _t1192;
				intOrPtr* _t1194;
				intOrPtr* _t1195;
				signed int _t1197;
				signed int _t1199;
				signed int _t1202;
				signed int _t1208;
				signed int _t1212;
				signed int _t1217;
				signed int _t1220;
				signed int _t1221;
				signed int _t1222;
				signed int _t1223;
				signed int _t1224;
				signed int _t1225;
				signed int _t1227;
				signed int _t1228;
				signed int _t1229;
				signed int _t1230;
				signed int _t1232;
				signed int _t1233;
				signed int _t1234;
				signed int _t1235;
				signed int _t1236;
				signed int _t1238;
				signed int _t1239;
				signed int _t1241;
				signed int _t1243;
				signed int _t1245;
				signed int _t1248;
				signed int _t1253;
				signed int* _t1254;
				signed int* _t1257;
				signed int _t1266;

				_t1248 = _t1253;
				_t1254 = _t1253 - 0x964;
				_t724 =  *0x414f64; // 0x48591883
				_v8 = _t724 ^ _t1248;
				_t1031 = _a20;
				_push(__esi);
				_push(__edi);
				_t1163 = _a16;
				_v1924 = _t1163;
				_v1920 = _t1031;
				E0036C813( &_v1944, __eflags);
				_t1212 = _a8;
				_t729 = 0x2d;
				if((_t1212 & 0x80000000) == 0) {
					_t729 = 0x120;
				}
				 *_t1163 = _t729;
				 *((intOrPtr*)(_t1163 + 8)) = _t1031;
				_t1164 = _a4;
				if((_t1212 & 0x7ff00000) != 0) {
					L6:
					_t734 = E00361992( &_a4);
					_pop(_t1046);
					__eflags = _t734;
					if(_t734 != 0) {
						_t1046 = _v1924;
						 *((intOrPtr*)(_v1924 + 4)) = 1;
					}
					_t735 = _t734 - 1;
					__eflags = _t735;
					if(_t735 == 0) {
						_push("1#INF");
						goto L309;
					} else {
						_t751 = _t735 - 1;
						__eflags = _t751;
						if(_t751 == 0) {
							_push("1#QNAN");
							goto L309;
						} else {
							_t752 = _t751 - 1;
							__eflags = _t752;
							if(_t752 == 0) {
								_push("1#SNAN");
								goto L309;
							} else {
								__eflags = _t752 == 1;
								if(_t752 == 1) {
									_push("1#IND");
									goto L309;
								} else {
									_v1928 = _v1928 & 0x00000000;
									_a4 = _t1164;
									_a8 = _t1212 & 0x7fffffff;
									_t1266 = _a4;
									asm("fst qword [ebp-0x768]");
									_t1166 = _v1896;
									_v1916 = _a12 + 1;
									_t1054 = _t1166 >> 0x14;
									_t758 = _t1054 & 0x000007ff;
									__eflags = _t758;
									if(_t758 != 0) {
										_t1119 = 0;
										_t758 = 0;
										__eflags = 0;
									} else {
										_t1119 = 1;
									}
									_t1167 = _t1166 & 0x000fffff;
									_t1034 = _v1900 + _t758;
									asm("adc edi, esi");
									__eflags = _t1119;
									_t1055 = _t1054 & 0x000007ff;
									_t1217 = _t1055 - 0x434 + (0 | _t1119 != 0x00000000) + 1;
									_v1872 = _t1217;
									E0036EEB0(_t1055, _t1266);
									_push(_t1055);
									_push(_t1055);
									 *_t1254 = _t1266;
									_t764 = E003457B0(E0035C470(_t1167, _t1217), _t1266);
									_v1904 = _t764;
									__eflags = _t764 - 0x7fffffff;
									if(_t764 == 0x7fffffff) {
										L17:
										__eflags = 0;
										_v1904 = 0;
									} else {
										__eflags = _t764 - 0x80000000;
										if(_t764 == 0x80000000) {
											goto L17;
										}
									}
									_v468 = _t1034;
									__eflags = _t1167;
									_v464 = _t1167;
									_t1037 = (0 | _t1167 != 0x00000000) + 1;
									_v472 = _t1037;
									__eflags = _t1217;
									if(_t1217 < 0) {
										__eflags = _t1217 - 0xfffffc02;
										if(_t1217 == 0xfffffc02) {
											L102:
											_t766 =  *((intOrPtr*)(_t1248 + _t1037 * 4 - 0x1d4));
											_t195 =  &_v1896;
											 *_t195 = _v1896 & 0x00000000;
											__eflags =  *_t195;
											asm("bsr eax, eax");
											if( *_t195 == 0) {
												_t1058 = 0;
												__eflags = 0;
											} else {
												_t1058 = _t766 + 1;
											}
											_t767 = 0x20;
											_t768 = _t767 - _t1058;
											__eflags = _t768 - 1;
											_t769 = _t768 & 0xffffff00 | _t768 - 0x00000001 > 0x00000000;
											__eflags = _t1037 - 0x73;
											_v1865 = _t769;
											_t1059 = _t1058 & 0xffffff00 | _t1037 - 0x00000073 > 0x00000000;
											__eflags = _t1037 - 0x73;
											if(_t1037 != 0x73) {
												L108:
												_t770 = 0;
												__eflags = 0;
											} else {
												__eflags = _t769;
												if(_t769 == 0) {
													goto L108;
												} else {
													_t770 = 1;
												}
											}
											__eflags = _t1059;
											if(_t1059 != 0) {
												L127:
												_v1400 = _v1400 & 0x00000000;
												_t224 =  &_v472;
												 *_t224 = _v472 & 0x00000000;
												__eflags =  *_t224;
												E00354838( &_v468, 0x1cc,  &_v1396, 0);
												_t1254 =  &(_t1254[4]);
											} else {
												__eflags = _t770;
												if(_t770 != 0) {
													goto L127;
												} else {
													_t1086 = 0x72;
													__eflags = _t1037 - _t1086;
													if(_t1037 < _t1086) {
														_t1086 = _t1037;
													}
													__eflags = _t1086 - 0xffffffff;
													if(_t1086 != 0xffffffff) {
														_t1235 = _t1086;
														_t1194 =  &_v468 + _t1086 * 4;
														_v1880 = _t1194;
														while(1) {
															__eflags = _t1235 - _t1037;
															if(_t1235 >= _t1037) {
																_t208 =  &_v1876;
																 *_t208 = _v1876 & 0x00000000;
																__eflags =  *_t208;
															} else {
																_v1876 =  *_t1194;
															}
															_t210 = _t1235 - 1; // 0x70
															__eflags = _t210 - _t1037;
															if(_t210 >= _t1037) {
																_t1146 = 0;
																__eflags = 0;
															} else {
																_t1146 =  *(_t1194 - 4);
															}
															_t1194 = _t1194 - 4;
															_t948 = _v1880;
															_t1235 = _t1235 - 1;
															 *_t948 = _t1146 >> 0x0000001f ^ _v1876 + _v1876;
															_v1880 = _t948 - 4;
															__eflags = _t1235 - 0xffffffff;
															if(_t1235 == 0xffffffff) {
																break;
															}
															_t1037 = _v472;
														}
														_t1217 = _v1872;
													}
													__eflags = _v1865;
													if(_v1865 == 0) {
														_v472 = _t1086;
													} else {
														_t218 = _t1086 + 1; // 0x73
														_v472 = _t218;
													}
												}
											}
											_t1170 = 1 - _t1217;
											E00349980(_t1170,  &_v1396, 0, 1);
											__eflags = 1;
											 *(_t1248 + 0xbad63d) = 1 << (_t1170 & 0x0000001f);
											_t779 = 0xbadbae;
										} else {
											_v1396 = _v1396 & 0x00000000;
											_t1087 = 2;
											_v1392 = 0x100000;
											_v1400 = _t1087;
											__eflags = _t1037 - _t1087;
											if(_t1037 == _t1087) {
												_t1150 = 0;
												__eflags = 0;
												while(1) {
													_t950 =  *((intOrPtr*)(_t1248 + _t1150 - 0x570));
													__eflags = _t950 -  *((intOrPtr*)(_t1248 + _t1150 - 0x1d0));
													if(_t950 !=  *((intOrPtr*)(_t1248 + _t1150 - 0x1d0))) {
														goto L102;
													}
													_t1150 = _t1150 + 4;
													__eflags = _t1150 - 8;
													if(_t1150 != 8) {
														continue;
													} else {
														_t166 =  &_v1896;
														 *_t166 = _v1896 & 0x00000000;
														__eflags =  *_t166;
														asm("bsr eax, edi");
														if( *_t166 == 0) {
															_t1151 = 0;
															__eflags = 0;
														} else {
															_t1151 = _t950 + 1;
														}
														_t951 = 0x20;
														_t1236 = _t1087;
														__eflags = _t951 - _t1151 - _t1087;
														_t953 =  &_v460;
														_v1880 = _t953;
														_t1195 = _t953;
														_t171 =  &_v1865;
														 *_t171 = _t951 - _t1151 - _t1087 > 0;
														__eflags =  *_t171;
														while(1) {
															__eflags = _t1236 - _t1037;
															if(_t1236 >= _t1037) {
																_t173 =  &_v1876;
																 *_t173 = _v1876 & 0x00000000;
																__eflags =  *_t173;
															} else {
																_v1876 =  *_t1195;
															}
															_t175 = _t1236 - 1; // 0x0
															__eflags = _t175 - _t1037;
															if(_t175 >= _t1037) {
																_t1152 = 0;
																__eflags = 0;
															} else {
																_t1152 =  *(_t1195 - 4);
															}
															_t1195 = _t1195 - 4;
															_t957 = _v1880;
															_t1236 = _t1236 - 1;
															 *_t957 = _t1152 >> 0x0000001e ^ _v1876 << 0x00000002;
															_v1880 = _t957 - 4;
															__eflags = _t1236 - 0xffffffff;
															if(_t1236 == 0xffffffff) {
																break;
															}
															_t1037 = _v472;
														}
														__eflags = _v1865;
														_t1088 = _t1087 - _v1872;
														_v472 = (0 | _v1865 != 0x00000000) + _t1087;
														_t1197 = _t1088 >> 5;
														_v1884 = _t1088;
														_t1238 = _t1197 << 2;
														E00349980(_t1197,  &_v1396, 0, _t1238);
														 *(_t1248 + _t1238 - 0x570) = 1 << (_v1884 & 0x0000001f);
														_t779 = _t1197 + 1;
													}
													goto L129;
												}
											}
											goto L102;
										}
										L129:
										_v1400 = _t779;
										_t1040 = 0x1cc;
										_v936 = _t779;
										__eflags = _t779 << 2;
										E00354838( &_v932, 0x1cc,  &_v1396, _t779 << 2);
										_t1257 =  &(_t1254[7]);
									} else {
										_v1396 = _v1396 & 0x00000000;
										_t1239 = 2;
										_v1392 = 0x100000;
										_v1400 = _t1239;
										__eflags = _t1037 - _t1239;
										if(_t1037 != _t1239) {
											L54:
											_t968 = _v1872 + 1;
											_t969 = _t968 & 0x0000001f;
											_t1091 = 0x20;
											_v1876 = _t969;
											_t1199 = _t968 >> 5;
											_v1872 = _t1199;
											_v1908 = _t1091 - _t969;
											_t972 = E00345870(1, _t1091 - _t969, 0);
											_t1093 =  *((intOrPtr*)(_t1248 + _t1037 * 4 - 0x1d4));
											_t973 = _t972 - 1;
											_t108 =  &_v1896;
											 *_t108 = _v1896 & 0x00000000;
											__eflags =  *_t108;
											asm("bsr ecx, ecx");
											_v1884 = _t973;
											_v1912 =  !_t973;
											if( *_t108 == 0) {
												_t1094 = 0;
												__eflags = 0;
											} else {
												_t1094 = _t1093 + 1;
											}
											_t975 = 0x20;
											_t976 = _t975 - _t1094;
											_t1157 = _t1037 + _t1199;
											__eflags = _v1876 - _t976;
											_v1892 = _t1157;
											_t977 = _t976 & 0xffffff00 | _v1876 - _t976 > 0x00000000;
											__eflags = _t1157 - 0x73;
											_v1865 = _t977;
											_t1095 = _t1094 & 0xffffff00 | _t1157 - 0x00000073 > 0x00000000;
											__eflags = _t1157 - 0x73;
											if(_t1157 != 0x73) {
												L60:
												_t978 = 0;
												__eflags = 0;
											} else {
												__eflags = _t977;
												if(_t977 == 0) {
													goto L60;
												} else {
													_t978 = 1;
												}
											}
											__eflags = _t1095;
											if(_t1095 != 0) {
												L82:
												__eflags = 0;
												_t1040 = 0x1cc;
												_v1400 = 0;
												_v472 = 0;
												E00354838( &_v468, 0x1cc,  &_v1396, 0);
												_t1254 =  &(_t1254[4]);
											} else {
												__eflags = _t978;
												if(_t978 != 0) {
													goto L82;
												} else {
													_t1096 = 0x72;
													__eflags = _t1157 - _t1096;
													if(_t1157 >= _t1096) {
														_t1157 = _t1096;
														_v1892 = _t1096;
													}
													_t988 = _t1157;
													_v1880 = _t988;
													__eflags = _t1157 - 0xffffffff;
													if(_t1157 != 0xffffffff) {
														_t1158 = _v1872;
														_t1241 = _t1157 - _t1158;
														__eflags = _t1241;
														_t1100 =  &_v468 + _t1241 * 4;
														_v1888 = _t1100;
														while(1) {
															__eflags = _t988 - _t1158;
															if(_t988 < _t1158) {
																break;
															}
															__eflags = _t1241 - _t1037;
															if(_t1241 >= _t1037) {
																_t1202 = 0;
																__eflags = 0;
															} else {
																_t1202 =  *_t1100;
															}
															__eflags = _t1241 - 1 - _t1037;
															if(_t1241 - 1 >= _t1037) {
																_t993 = 0;
																__eflags = 0;
															} else {
																_t993 =  *(_t1100 - 4);
															}
															_t996 = _v1880;
															_t1100 = _v1888 - 4;
															_v1888 = _t1100;
															 *(_t1248 + _t996 * 4 - 0x1d0) = (_t1202 & _v1884) << _v1876 | (_t993 & _v1912) >> _v1908;
															_t988 = _t996 - 1;
															_t1241 = _t1241 - 1;
															_v1880 = _t988;
															__eflags = _t988 - 0xffffffff;
															if(_t988 != 0xffffffff) {
																_t1037 = _v472;
																continue;
															}
															break;
														}
														_t1157 = _v1892;
														_t1199 = _v1872;
														_t1239 = 2;
													}
													__eflags = _t1199;
													if(_t1199 != 0) {
														__eflags = 0;
														memset( &_v468, 0, _t1199 << 2);
														_t1254 =  &(_t1254[3]);
													}
													__eflags = _v1865;
													_t1040 = 0x1cc;
													if(_v1865 == 0) {
														_v472 = _t1157;
													} else {
														_v472 = _t1157 + 1;
													}
												}
											}
											_v1392 = _v1392 & 0x00000000;
											_v1396 = _t1239;
											_v1400 = 1;
											_v936 = 1;
											_push(4);
										} else {
											_t1104 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((intOrPtr*)(_t1248 + _t1104 - 0x570)) -  *((intOrPtr*)(_t1248 + _t1104 - 0x1d0));
												if( *((intOrPtr*)(_t1248 + _t1104 - 0x570)) !=  *((intOrPtr*)(_t1248 + _t1104 - 0x1d0))) {
													goto L54;
												}
												_t1104 = _t1104 + 4;
												__eflags = _t1104 - 8;
												if(_t1104 != 8) {
													continue;
												} else {
													_t999 = _v1872 + 2;
													_t1000 = _t999 & 0x0000001f;
													_t1105 = 0x20;
													_t1106 = _t1105 - _t1000;
													_v1888 = _t1000;
													_t1243 = _t999 >> 5;
													_v1876 = _t1243;
													_v1908 = _t1106;
													_t1003 = E00345870(1, _t1106, 0);
													_v1896 = _v1896 & 0x00000000;
													_t1004 = _t1003 - 1;
													__eflags = _t1004;
													asm("bsr ecx, edi");
													_v1884 = _t1004;
													_v1912 =  !_t1004;
													if(_t1004 == 0) {
														_t1107 = 0;
														__eflags = 0;
													} else {
														_t1107 = _t1106 + 1;
													}
													_t1006 = 0x20;
													_t1007 = _t1006 - _t1107;
													_t1160 = _t1243 + 2;
													__eflags = _v1888 - _t1007;
													_v1880 = _t1160;
													_t1008 = _t1007 & 0xffffff00 | _v1888 - _t1007 > 0x00000000;
													__eflags = _t1160 - 0x73;
													_v1865 = _t1008;
													_t1108 = _t1107 & 0xffffff00 | _t1160 - 0x00000073 > 0x00000000;
													__eflags = _t1160 - 0x73;
													if(_t1160 != 0x73) {
														L29:
														_t1009 = 0;
														__eflags = 0;
													} else {
														__eflags = _t1008;
														if(_t1008 == 0) {
															goto L29;
														} else {
															_t1009 = 1;
														}
													}
													__eflags = _t1108;
													if(_t1108 != 0) {
														L51:
														__eflags = 0;
														_t1040 = 0x1cc;
														_v1400 = 0;
														_v472 = 0;
														E00354838( &_v468, 0x1cc,  &_v1396, 0);
														_t1254 =  &(_t1254[4]);
													} else {
														__eflags = _t1009;
														if(_t1009 != 0) {
															goto L51;
														} else {
															_t1111 = 0x72;
															__eflags = _t1160 - _t1111;
															if(_t1160 >= _t1111) {
																_t1160 = _t1111;
																_v1880 = _t1111;
															}
															_t1112 = _t1160;
															_v1892 = _t1112;
															__eflags = _t1160 - 0xffffffff;
															if(_t1160 != 0xffffffff) {
																_t1161 = _v1876;
																_t1245 = _t1160 - _t1161;
																__eflags = _t1245;
																_t1019 =  &_v468 + _t1245 * 4;
																_v1872 = _t1019;
																while(1) {
																	__eflags = _t1112 - _t1161;
																	if(_t1112 < _t1161) {
																		break;
																	}
																	__eflags = _t1245 - _t1037;
																	if(_t1245 >= _t1037) {
																		_t1208 = 0;
																		__eflags = 0;
																	} else {
																		_t1208 =  *_t1019;
																	}
																	__eflags = _t1245 - 1 - _t1037;
																	if(_t1245 - 1 >= _t1037) {
																		_t1021 = 0;
																		__eflags = 0;
																	} else {
																		_t1021 =  *(_v1872 - 4);
																	}
																	_t1117 = _v1892;
																	 *(_t1248 + _t1117 * 4 - 0x1d0) = (_t1021 & _v1912) >> _v1908 | (_t1208 & _v1884) << _v1888;
																	_t1112 = _t1117 - 1;
																	_t1245 = _t1245 - 1;
																	_t1019 = _v1872 - 4;
																	_v1892 = _t1112;
																	_v1872 = _t1019;
																	__eflags = _t1112 - 0xffffffff;
																	if(_t1112 != 0xffffffff) {
																		_t1037 = _v472;
																		continue;
																	}
																	break;
																}
																_t1160 = _v1880;
																_t1243 = _v1876;
															}
															__eflags = _t1243;
															if(_t1243 != 0) {
																__eflags = 0;
																memset( &_v468, 0, _t1243 << 2);
																_t1254 =  &(_t1254[3]);
															}
															__eflags = _v1865;
															_t1040 = 0x1cc;
															if(_v1865 == 0) {
																_v472 = _t1160;
															} else {
																_v472 = _t1160 + 1;
															}
														}
													}
													_v1392 = _v1392 & 0x00000000;
													_t1014 = 4;
													__eflags = 1;
													_v1396 = _t1014;
													_v1400 = 1;
													_v936 = 1;
													_push(_t1014);
												}
												goto L53;
											}
											goto L54;
										}
										L53:
										_push( &_v1396);
										_push(_t1040);
										_push( &_v932);
										E00354838();
										_t1257 =  &(_t1254[4]);
									}
									_t784 = _v1904;
									_t1061 = 0xa;
									_v1912 = _t1061;
									__eflags = _t784;
									if(_t784 < 0) {
										_t785 =  ~_t784;
										_t786 = _t785 / _t1061;
										_v1880 = _t786;
										_t1062 = _t785 % _t1061;
										_v1884 = _t1062;
										__eflags = _t786;
										if(_t786 == 0) {
											L250:
											__eflags = _t1062;
											if(_t1062 != 0) {
												_t825 =  *(0x3ba1e4 + _t1062 * 4);
												_v1896 = _t825;
												__eflags = _t825;
												if(_t825 == 0) {
													L261:
													__eflags = 0;
													_push(0);
													_v472 = 0;
													_v2408 = 0;
													goto L262;
												} else {
													__eflags = _t825 - 1;
													if(_t825 != 1) {
														_t1073 = _v472;
														__eflags = _t1073;
														if(_t1073 != 0) {
															_t1177 = 0;
															_t1225 = 0;
															__eflags = 0;
															do {
																_t1131 = _t825 *  *(_t1248 + _t1225 * 4 - 0x1d0) >> 0x20;
																 *(_t1248 + _t1225 * 4 - 0x1d0) = _t825 *  *(_t1248 + _t1225 * 4 - 0x1d0) + _t1177;
																_t825 = _v1896;
																asm("adc edx, 0x0");
																_t1225 = _t1225 + 1;
																_t1177 = _t1131;
																__eflags = _t1225 - _t1073;
															} while (_t1225 != _t1073);
															__eflags = _t1177;
															if(_t1177 != 0) {
																_t832 = _v472;
																__eflags = _t832 - 0x73;
																if(_t832 >= 0x73) {
																	goto L261;
																} else {
																	 *(_t1248 + _t832 * 4 - 0x1d0) = _t1177;
																	_v472 = _v472 + 1;
																}
															}
														}
													}
												}
											}
										} else {
											do {
												__eflags = _t786 - 0x26;
												if(_t786 > 0x26) {
													_t786 = 0x26;
												}
												_t1074 =  *(0x3ba14e + _t786 * 4) & 0x000000ff;
												_v1872 = _t786;
												_v1400 = ( *(0x3ba14e + _t786 * 4) & 0x000000ff) + ( *(0x3ba14f + _t786 * 4) & 0x000000ff);
												E00349980(_t1074 << 2,  &_v1396, 0, _t1074 << 2);
												_t843 = E00349400( &(( &_v1396)[_t1074]), 0x3b9848 + ( *(0x3ba14c + _v1872 * 4) & 0x0000ffff) * 4, ( *(0x3ba14f + _t786 * 4) & 0x000000ff) << 2);
												_t1075 = _v1400;
												_t1257 =  &(_t1257[6]);
												_v1892 = _t1075;
												__eflags = _t1075 - 1;
												if(_t1075 > 1) {
													__eflags = _v472 - 1;
													if(_v472 > 1) {
														__eflags = _t1075 - _v472;
														_t1180 =  &_v1396;
														_t844 = _t843 & 0xffffff00 | _t1075 - _v472 > 0x00000000;
														__eflags = _t844;
														if(_t844 != 0) {
															_t1132 =  &_v468;
														} else {
															_t1180 =  &_v468;
															_t1132 =  &_v1396;
														}
														_v1908 = _t1132;
														__eflags = _t844;
														if(_t844 == 0) {
															_t1075 = _v472;
														}
														_v1876 = _t1075;
														__eflags = _t844;
														if(_t844 != 0) {
															_v1892 = _v472;
														}
														_t1133 = 0;
														_t1227 = 0;
														_v1864 = 0;
														__eflags = _t1075;
														if(_t1075 == 0) {
															L244:
															_v472 = _t1133;
															_t846 = _t1133 << 2;
															__eflags = _t846;
															_push(_t846);
															_t847 =  &_v1860;
															goto L245;
														} else {
															_t1181 = _t1180 -  &_v1860;
															__eflags = _t1181;
															_v1928 = _t1181;
															do {
																_t854 =  *(_t1248 + _t1181 + _t1227 * 4 - 0x740);
																_v1896 = _t854;
																__eflags = _t854;
																if(_t854 != 0) {
																	_t855 = 0;
																	_t1182 = 0;
																	_t1076 = _t1227;
																	_v1888 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L241:
																		__eflags = _t1076 - 0x73;
																		if(_t1076 == 0x73) {
																			goto L259;
																		} else {
																			_t1181 = _v1928;
																			_t1075 = _v1876;
																			goto L243;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1076 - 0x73;
																			if(_t1076 == 0x73) {
																				goto L236;
																			}
																			__eflags = _t1076 - _t1133;
																			if(_t1076 == _t1133) {
																				 *(_t1248 + _t1076 * 4 - 0x740) =  *(_t1248 + _t1076 * 4 - 0x740) & 0x00000000;
																				_t867 = _t855 + 1 + _t1227;
																				__eflags = _t867;
																				_v1864 = _t867;
																				_t855 = _v1888;
																			}
																			_t862 =  *(_v1908 + _t855 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1248 + _t1076 * 4 - 0x740) =  *(_t1248 + _t1076 * 4 - 0x740) + _t862 * _v1896 + _t1182;
																			asm("adc edx, 0x0");
																			_t855 = _v1888 + 1;
																			_t1076 = _t1076 + 1;
																			_v1888 = _t855;
																			_t1182 = _t862 * _v1896 >> 0x20;
																			_t1133 = _v1864;
																			__eflags = _t855 - _v1892;
																			if(_t855 != _v1892) {
																				continue;
																			} else {
																				goto L236;
																			}
																			while(1) {
																				L236:
																				__eflags = _t1182;
																				if(_t1182 == 0) {
																					goto L241;
																				}
																				__eflags = _t1076 - 0x73;
																				if(_t1076 == 0x73) {
																					goto L259;
																				} else {
																					__eflags = _t1076 - _t1133;
																					if(_t1076 == _t1133) {
																						_t558 = _t1248 + _t1076 * 4 - 0x740;
																						 *_t558 =  *(_t1248 + _t1076 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t558;
																						_t564 = _t1076 + 1; // 0x1
																						_v1864 = _t564;
																					}
																					_t860 = _t1182;
																					_t1182 = 0;
																					 *(_t1248 + _t1076 * 4 - 0x740) =  *(_t1248 + _t1076 * 4 - 0x740) + _t860;
																					_t1133 = _v1864;
																					asm("adc edi, edi");
																					_t1076 = _t1076 + 1;
																					continue;
																				}
																				goto L247;
																			}
																			goto L241;
																		}
																		goto L236;
																	}
																} else {
																	__eflags = _t1227 - _t1133;
																	if(_t1227 == _t1133) {
																		 *(_t1248 + _t1227 * 4 - 0x740) =  *(_t1248 + _t1227 * 4 - 0x740) & _t854;
																		_t526 = _t1227 + 1; // 0x1
																		_t1133 = _t526;
																		_v1864 = _t1133;
																	}
																	goto L243;
																}
																goto L247;
																L243:
																_t1227 = _t1227 + 1;
																__eflags = _t1227 - _t1075;
															} while (_t1227 != _t1075);
															goto L244;
														}
													} else {
														_t1183 = _v468;
														_v472 = _t1075;
														E00354838( &_v468, _t1040,  &_v1396, _t1075 << 2);
														_t1257 =  &(_t1257[4]);
														__eflags = _t1183;
														if(_t1183 == 0) {
															goto L204;
														} else {
															__eflags = _t1183 - 1;
															if(_t1183 == 1) {
																goto L246;
															} else {
																__eflags = _v472;
																if(_v472 == 0) {
																	goto L246;
																} else {
																	_t1077 = 0;
																	_v1896 = _v472;
																	_t1228 = 0;
																	__eflags = 0;
																	do {
																		_t876 = _t1183;
																		_t1134 = _t876 *  *(_t1248 + _t1228 * 4 - 0x1d0) >> 0x20;
																		 *(_t1248 + _t1228 * 4 - 0x1d0) = _t876 *  *(_t1248 + _t1228 * 4 - 0x1d0) + _t1077;
																		asm("adc edx, 0x0");
																		_t1228 = _t1228 + 1;
																		_t1077 = _t1134;
																		__eflags = _t1228 - _v1896;
																	} while (_t1228 != _v1896);
																	goto L209;
																}
															}
														}
													}
												} else {
													_t1184 = _v1396;
													__eflags = _t1184;
													if(_t1184 != 0) {
														__eflags = _t1184 - 1;
														if(_t1184 == 1) {
															goto L246;
														} else {
															__eflags = _v472;
															if(_v472 == 0) {
																goto L246;
															} else {
																_t1078 = 0;
																_v1896 = _v472;
																_t1229 = 0;
																__eflags = 0;
																do {
																	_t881 = _t1184;
																	_t1135 = _t881 *  *(_t1248 + _t1229 * 4 - 0x1d0) >> 0x20;
																	 *(_t1248 + _t1229 * 4 - 0x1d0) = _t881 *  *(_t1248 + _t1229 * 4 - 0x1d0) + _t1078;
																	asm("adc edx, 0x0");
																	_t1229 = _t1229 + 1;
																	_t1078 = _t1135;
																	__eflags = _t1229 - _v1896;
																} while (_t1229 != _v1896);
																L209:
																__eflags = _t1077;
																if(_t1077 == 0) {
																	goto L246;
																} else {
																	_t879 = _v472;
																	__eflags = _t879 - 0x73;
																	if(_t879 >= 0x73) {
																		L259:
																		_v2408 = 0;
																		_v472 = 0;
																		E00354838( &_v468, _t1040,  &_v2404, 0);
																		_t1257 =  &(_t1257[4]);
																		_t850 = 0;
																	} else {
																		 *(_t1248 + _t879 * 4 - 0x1d0) = _t1077;
																		_v472 = _v472 + 1;
																		goto L246;
																	}
																}
															}
														}
													} else {
														L204:
														_v2408 = 0;
														_v472 = 0;
														_push(0);
														_t847 =  &_v2404;
														L245:
														_push(_t847);
														_push(_t1040);
														_push( &_v468);
														E00354838();
														_t1257 =  &(_t1257[4]);
														L246:
														_t850 = 1;
													}
												}
												L247:
												__eflags = _t850;
												if(_t850 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_v472 = _v472 & 0x00000000;
													_push(0);
													L262:
													_push( &_v2404);
													_t828 =  &_v468;
													goto L263;
												} else {
													goto L248;
												}
												goto L264;
												L248:
												_t786 = _v1880 - _v1872;
												__eflags = _t786;
												_v1880 = _t786;
											} while (_t786 != 0);
											_t1062 = _v1884;
											goto L250;
										}
									} else {
										_t884 = _t784 / _t1061;
										_v1908 = _t884;
										_t1079 = _t784 % _t1061;
										_v1896 = _t1079;
										__eflags = _t884;
										if(_t884 == 0) {
											L185:
											__eflags = _t1079;
											if(_t1079 != 0) {
												_t1185 =  *(0x3ba1e4 + _t1079 * 4);
												__eflags = _t1185;
												if(_t1185 != 0) {
													__eflags = _t1185 - 1;
													if(_t1185 != 1) {
														_t885 = _v936;
														_v1896 = _t885;
														__eflags = _t885;
														if(_t885 != 0) {
															_t1230 = 0;
															_t1080 = 0;
															__eflags = 0;
															do {
																_t886 = _t1185;
																_t1139 = _t886 *  *(_t1248 + _t1080 * 4 - 0x3a0) >> 0x20;
																 *(_t1248 + _t1080 * 4 - 0x3a0) = _t886 *  *(_t1248 + _t1080 * 4 - 0x3a0) + _t1230;
																asm("adc edx, 0x0");
																_t1080 = _t1080 + 1;
																_t1230 = _t1139;
																__eflags = _t1080 - _v1896;
															} while (_t1080 != _v1896);
															__eflags = _t1230;
															if(_t1230 != 0) {
																_t889 = _v936;
																__eflags = _t889 - 0x73;
																if(_t889 >= 0x73) {
																	goto L187;
																} else {
																	 *(_t1248 + _t889 * 4 - 0x3a0) = _t1230;
																	_v936 = _v936 + 1;
																}
															}
														}
													}
												} else {
													L187:
													_v2408 = 0;
													_v936 = 0;
													_push(0);
													goto L191;
												}
											}
										} else {
											do {
												__eflags = _t884 - 0x26;
												if(_t884 > 0x26) {
													_t884 = 0x26;
												}
												_t1081 =  *(0x3ba14e + _t884 * 4) & 0x000000ff;
												_v1888 = _t884;
												_v1400 = ( *(0x3ba14e + _t884 * 4) & 0x000000ff) + ( *(0x3ba14f + _t884 * 4) & 0x000000ff);
												E00349980(_t1081 << 2,  &_v1396, 0, _t1081 << 2);
												_t902 = E00349400( &(( &_v1396)[_t1081]), 0x3b9848 + ( *(0x3ba14c + _v1888 * 4) & 0x0000ffff) * 4, ( *(0x3ba14f + _t884 * 4) & 0x000000ff) << 2);
												_t1082 = _v1400;
												_t1257 =  &(_t1257[6]);
												_v1892 = _t1082;
												__eflags = _t1082 - 1;
												if(_t1082 > 1) {
													__eflags = _v936 - 1;
													if(_v936 > 1) {
														__eflags = _t1082 - _v936;
														_t1188 =  &_v1396;
														_t903 = _t902 & 0xffffff00 | _t1082 - _v936 > 0x00000000;
														__eflags = _t903;
														if(_t903 != 0) {
															_t1140 =  &_v932;
														} else {
															_t1188 =  &_v932;
															_t1140 =  &_v1396;
														}
														_v1876 = _t1140;
														__eflags = _t903;
														if(_t903 == 0) {
															_t1082 = _v936;
														}
														_v1880 = _t1082;
														__eflags = _t903;
														if(_t903 != 0) {
															_v1892 = _v936;
														}
														_t1141 = 0;
														_t1232 = 0;
														_v1864 = 0;
														__eflags = _t1082;
														if(_t1082 == 0) {
															L178:
															_v936 = _t1141;
															_t905 = _t1141 << 2;
															__eflags = _t905;
															goto L179;
														} else {
															_t1189 = _t1188 -  &_v1860;
															__eflags = _t1189;
															_v1928 = _t1189;
															do {
																_t913 =  *(_t1248 + _t1189 + _t1232 * 4 - 0x740);
																_v1884 = _t913;
																__eflags = _t913;
																if(_t913 != 0) {
																	_t914 = 0;
																	_t1190 = 0;
																	_t1083 = _t1232;
																	_v1872 = 0;
																	__eflags = _v1892;
																	if(_v1892 == 0) {
																		L175:
																		__eflags = _t1083 - 0x73;
																		if(_t1083 == 0x73) {
																			goto L188;
																		} else {
																			_t1189 = _v1928;
																			_t1082 = _v1880;
																			goto L177;
																		}
																	} else {
																		while(1) {
																			__eflags = _t1083 - 0x73;
																			if(_t1083 == 0x73) {
																				goto L170;
																			}
																			__eflags = _t1083 - _t1141;
																			if(_t1083 == _t1141) {
																				 *(_t1248 + _t1083 * 4 - 0x740) =  *(_t1248 + _t1083 * 4 - 0x740) & 0x00000000;
																				_t926 = _t914 + 1 + _t1232;
																				__eflags = _t926;
																				_v1864 = _t926;
																				_t914 = _v1872;
																			}
																			_t921 =  *(_v1876 + _t914 * 4);
																			asm("adc edx, 0x0");
																			 *(_t1248 + _t1083 * 4 - 0x740) =  *(_t1248 + _t1083 * 4 - 0x740) + _t921 * _v1884 + _t1190;
																			asm("adc edx, 0x0");
																			_t914 = _v1872 + 1;
																			_t1083 = _t1083 + 1;
																			_v1872 = _t914;
																			_t1190 = _t921 * _v1884 >> 0x20;
																			_t1141 = _v1864;
																			__eflags = _t914 - _v1892;
																			if(_t914 != _v1892) {
																				continue;
																			} else {
																				goto L170;
																			}
																			while(1) {
																				L170:
																				__eflags = _t1190;
																				if(_t1190 == 0) {
																					goto L175;
																				}
																				__eflags = _t1083 - 0x73;
																				if(_t1083 == 0x73) {
																					L188:
																					__eflags = 0;
																					_v2408 = 0;
																					_v936 = 0;
																					_push(0);
																					_t916 =  &_v2404;
																					goto L189;
																				} else {
																					__eflags = _t1083 - _t1141;
																					if(_t1083 == _t1141) {
																						_t370 = _t1248 + _t1083 * 4 - 0x740;
																						 *_t370 =  *(_t1248 + _t1083 * 4 - 0x740) & 0x00000000;
																						__eflags =  *_t370;
																						_t376 = _t1083 + 1; // 0x1
																						_v1864 = _t376;
																					}
																					_t919 = _t1190;
																					_t1190 = 0;
																					 *(_t1248 + _t1083 * 4 - 0x740) =  *(_t1248 + _t1083 * 4 - 0x740) + _t919;
																					_t1141 = _v1864;
																					asm("adc edi, edi");
																					_t1083 = _t1083 + 1;
																					continue;
																				}
																				goto L182;
																			}
																			goto L175;
																		}
																		goto L170;
																	}
																} else {
																	__eflags = _t1232 - _t1141;
																	if(_t1232 == _t1141) {
																		 *(_t1248 + _t1232 * 4 - 0x740) =  *(_t1248 + _t1232 * 4 - 0x740) & _t913;
																		_t338 = _t1232 + 1; // 0x1
																		_t1141 = _t338;
																		_v1864 = _t1141;
																	}
																	goto L177;
																}
																goto L182;
																L177:
																_t1232 = _t1232 + 1;
																__eflags = _t1232 - _t1082;
															} while (_t1232 != _t1082);
															goto L178;
														}
													} else {
														_t1191 = _v932;
														_v936 = _t1082;
														E00354838( &_v932, _t1040,  &_v1396, _t1082 << 2);
														_t1257 =  &(_t1257[4]);
														__eflags = _t1191;
														if(_t1191 != 0) {
															__eflags = _t1191 - 1;
															if(_t1191 == 1) {
																goto L181;
															} else {
																__eflags = _v936;
																if(_v936 == 0) {
																	goto L181;
																} else {
																	_t1084 = 0;
																	_v1884 = _v936;
																	_t1233 = 0;
																	__eflags = 0;
																	do {
																		_t934 = _t1191;
																		_t1142 = _t934 *  *(_t1248 + _t1233 * 4 - 0x3a0) >> 0x20;
																		 *(_t1248 + _t1233 * 4 - 0x3a0) = _t934 *  *(_t1248 + _t1233 * 4 - 0x3a0) + _t1084;
																		asm("adc edx, 0x0");
																		_t1233 = _t1233 + 1;
																		_t1084 = _t1142;
																		__eflags = _t1233 - _v1884;
																	} while (_t1233 != _v1884);
																	goto L150;
																}
															}
														} else {
															_v1400 = 0;
															_v936 = 0;
															_push(0);
															_t906 =  &_v1396;
															goto L180;
														}
													}
												} else {
													_t1192 = _v1396;
													__eflags = _t1192;
													if(_t1192 != 0) {
														__eflags = _t1192 - 1;
														if(_t1192 == 1) {
															goto L181;
														} else {
															__eflags = _v936;
															if(_v936 == 0) {
																goto L181;
															} else {
																_t1085 = 0;
																_v1884 = _v936;
																_t1234 = 0;
																__eflags = 0;
																do {
																	_t941 = _t1192;
																	_t1143 = _t941 *  *(_t1248 + _t1234 * 4 - 0x3a0) >> 0x20;
																	 *(_t1248 + _t1234 * 4 - 0x3a0) = _t941 *  *(_t1248 + _t1234 * 4 - 0x3a0) + _t1085;
																	asm("adc edx, 0x0");
																	_t1234 = _t1234 + 1;
																	_t1085 = _t1143;
																	__eflags = _t1234 - _v1884;
																} while (_t1234 != _v1884);
																L150:
																__eflags = _t1084;
																if(_t1084 == 0) {
																	goto L181;
																} else {
																	_t937 = _v936;
																	__eflags = _t937 - 0x73;
																	if(_t937 < 0x73) {
																		 *(_t1248 + _t937 * 4 - 0x3a0) = _t1084;
																		_v936 = _v936 + 1;
																		goto L181;
																	} else {
																		_v1400 = 0;
																		_v936 = 0;
																		_push(0);
																		_t916 =  &_v1396;
																		L189:
																		_push(_t916);
																		_push(_t1040);
																		_push( &_v932);
																		E00354838();
																		_t1257 =  &(_t1257[4]);
																		_t909 = 0;
																	}
																}
															}
														}
													} else {
														_t905 = 0;
														_v1864 = 0;
														_v936 = 0;
														L179:
														_push(_t905);
														_t906 =  &_v1860;
														L180:
														_push(_t906);
														_push(_t1040);
														_push( &_v932);
														E00354838();
														_t1257 =  &(_t1257[4]);
														L181:
														_t909 = 1;
													}
												}
												L182:
												__eflags = _t909;
												if(_t909 == 0) {
													_v2408 = _v2408 & 0x00000000;
													_t404 =  &_v936;
													 *_t404 = _v936 & 0x00000000;
													__eflags =  *_t404;
													_push(0);
													L191:
													_push( &_v2404);
													_t828 =  &_v932;
													L263:
													_push(_t1040);
													_push(_t828);
													E00354838();
													_t1257 =  &(_t1257[4]);
												} else {
													goto L183;
												}
												goto L264;
												L183:
												_t884 = _v1908 - _v1888;
												__eflags = _t884;
												_v1908 = _t884;
											} while (_t884 != 0);
											_t1079 = _v1896;
											goto L185;
										}
									}
									L264:
									_t1172 = _v1920;
									_t1220 = _t1172;
									_t1063 = _v472;
									_v1872 = _t1220;
									__eflags = _t1063;
									if(_t1063 != 0) {
										_t1224 = 0;
										_t1176 = 0;
										__eflags = 0;
										do {
											_t817 =  *(_t1248 + _t1176 * 4 - 0x1d0);
											_t1129 = 0xa;
											_t1130 = _t817 * _t1129 >> 0x20;
											 *(_t1248 + _t1176 * 4 - 0x1d0) = _t817 * _t1129 + _t1224;
											asm("adc edx, 0x0");
											_t1176 = _t1176 + 1;
											_t1224 = _t1130;
											__eflags = _t1176 - _t1063;
										} while (_t1176 != _t1063);
										_v1896 = _t1224;
										__eflags = _t1224;
										_t1220 = _v1872;
										if(_t1224 != 0) {
											_t1072 = _v472;
											__eflags = _t1072 - 0x73;
											if(_t1072 >= 0x73) {
												__eflags = 0;
												_v2408 = 0;
												_v472 = 0;
												E00354838( &_v468, _t1040,  &_v2404, 0);
												_t1257 =  &(_t1257[4]);
											} else {
												 *(_t1248 + _t1072 * 4 - 0x1d0) = _t1130;
												_v472 = _v472 + 1;
											}
										}
										_t1172 = _t1220;
									}
									_t789 = E00354360( &_v472,  &_v936);
									_t1122 = 0xa;
									__eflags = _t789 - _t1122;
									if(_t789 != _t1122) {
										__eflags = _t789;
										if(_t789 != 0) {
											_t790 = _t789 + 0x30;
											__eflags = _t790;
											_t1220 = _t1172 + 1;
											 *_t1172 = _t790;
											_v1872 = _t1220;
											goto L283;
										} else {
											_t791 = _v1904 - 1;
										}
									} else {
										_v1904 = _v1904 + 1;
										_t1220 = _t1172 + 1;
										_t808 = _v936;
										 *_t1172 = 0x31;
										_v1872 = _t1220;
										__eflags = _t808;
										if(_t808 != 0) {
											_t1175 = 0;
											_t1223 = _t808;
											_t1071 = 0;
											__eflags = 0;
											do {
												_t809 =  *(_t1248 + _t1071 * 4 - 0x3a0);
												 *(_t1248 + _t1071 * 4 - 0x3a0) = _t809 * _t1122 + _t1175;
												asm("adc edx, 0x0");
												_t1071 = _t1071 + 1;
												_t1175 = _t809 * _t1122 >> 0x20;
												_t1122 = 0xa;
												__eflags = _t1071 - _t1223;
											} while (_t1071 != _t1223);
											_t1220 = _v1872;
											__eflags = _t1175;
											if(_t1175 != 0) {
												_t812 = _v936;
												__eflags = _t812 - 0x73;
												if(_t812 >= 0x73) {
													_v2408 = 0;
													_v936 = 0;
													E00354838( &_v932, _t1040,  &_v2404, 0);
													_t1257 =  &(_t1257[4]);
												} else {
													 *(_t1248 + _t812 * 4 - 0x3a0) = _t1175;
													_v936 = _v936 + 1;
												}
											}
										}
										L283:
										_t791 = _v1904;
									}
									 *((intOrPtr*)(_v1924 + 4)) = _t791;
									_t1046 = _v1916;
									__eflags = _t791;
									if(_t791 >= 0) {
										__eflags = _t1046 - 0x7fffffff;
										if(_t1046 <= 0x7fffffff) {
											_t1046 = _t1046 + _t791;
											__eflags = _t1046;
										}
									}
									_t793 = _a24 - 1;
									__eflags = _t793 - _t1046;
									if(_t793 >= _t1046) {
										_t793 = _t1046;
									}
									_t794 = _t793 + _v1920;
									_v1916 = _t794;
									__eflags = _t1220 - _t794;
									if(__eflags != 0) {
										while(1) {
											_t795 = _v472;
											__eflags = _t795;
											if(__eflags == 0) {
												goto L304;
											}
											_t1173 = 0;
											_t1221 = _t795;
											_t1067 = 0;
											__eflags = 0;
											do {
												_t796 =  *(_t1248 + _t1067 * 4 - 0x1d0);
												 *(_t1248 + _t1067 * 4 - 0x1d0) = _t796 * 0x3b9aca00 + _t1173;
												asm("adc edx, 0x0");
												_t1067 = _t1067 + 1;
												_t1173 = _t796 * 0x3b9aca00 >> 0x20;
												__eflags = _t1067 - _t1221;
											} while (_t1067 != _t1221);
											_t1222 = _v1872;
											__eflags = _t1173;
											if(_t1173 != 0) {
												_t802 = _v472;
												__eflags = _t802 - 0x73;
												if(_t802 >= 0x73) {
													__eflags = 0;
													_v2408 = 0;
													_v472 = 0;
													E00354838( &_v468, _t1040,  &_v2404, 0);
													_t1257 =  &(_t1257[4]);
												} else {
													 *(_t1248 + _t802 * 4 - 0x1d0) = _t1173;
													_v472 = _v472 + 1;
												}
											}
											_t801 = E00354360( &_v472,  &_v936);
											_t1174 = 8;
											_t1046 = _v1916 - _t1222;
											__eflags = _t1046;
											do {
												_t708 = _t801 % _v1912;
												_t801 = _t801 / _v1912;
												_t1127 = _t708 + 0x30;
												__eflags = _t1046 - _t1174;
												if(_t1046 >= _t1174) {
													 *((char*)(_t1174 + _t1222)) = _t1127;
												}
												_t1174 = _t1174 - 1;
												__eflags = _t1174 - 0xffffffff;
											} while (_t1174 != 0xffffffff);
											__eflags = _t1046 - 9;
											if(_t1046 > 9) {
												_t1046 = 9;
											}
											_t1220 = _t1222 + _t1046;
											_v1872 = _t1220;
											__eflags = _t1220 - _v1916;
											if(__eflags != 0) {
												continue;
											}
											goto L304;
										}
									}
									L304:
									 *_t1220 = 0;
									goto L310;
								}
							}
						}
					}
				} else {
					_t1046 = _t1212 & 0x000fffff;
					if((_t1164 | _t1212 & 0x000fffff) != 0) {
						goto L6;
					} else {
						_push(0x3bde90);
						 *((intOrPtr*)(_v1924 + 4)) =  *(_v1924 + 4) & 0x00000000;
						L309:
						_push(_a24);
						_push(_t1031);
						if(E00360490() != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E0034D694();
							asm("int3");
							_push(_t1248);
							_t1047 = _v2436;
							__eflags = _t1047 - 0xfffffffe;
							if(_t1047 != 0xfffffffe) {
								__eflags = _t1047;
								if(_t1047 < 0) {
									L319:
									 *((intOrPtr*)(E0035013D())) = 9;
									E0034D667();
									goto L320;
								} else {
									__eflags = _t1047 -  *0x422420;
									if(_t1047 >=  *0x422420) {
										goto L319;
									} else {
										_t723 = 0x28 + (_t1047 & 0x0000003f) * 0x30; // 0x7d804c74
										_t746 =  *( *((intOrPtr*)(0x422220 + (_t1047 >> 6) * 4)) + _t723) & 0x40;
										__eflags = _t746;
										return _t746;
									}
								}
							} else {
								 *((intOrPtr*)(E0035013D())) = 9;
								L320:
								__eflags = 0;
								return 0;
							}
						} else {
							L310:
							_t1264 = _v1936;
							if(_v1936 != 0) {
								E0036EDC9(_t1046, _t1264,  &_v1944);
							}
							return E00344CC8(_v8 ^ _t1248);
						}
					}
				}
			}

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: __floor_pentium4
  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
  • API String ID: 4168288129-2761157908
  • Opcode ID: f1ef1b4be919ad420a45a07db7cc340774ec65adbe7440309720c27d377d4251
  • Instruction ID: 24d214c3920ac1722e2c4494929cc9abd011e60b67c9de41c52bd476b914030b
  • Opcode Fuzzy Hash: f1ef1b4be919ad420a45a07db7cc340774ec65adbe7440309720c27d377d4251
  • Instruction Fuzzy Hash: 90C26D71E186288FDB26CF28DD407EAB7B9EB44305F1581EAD84DE7244E775AE818F40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
			E0020C6A0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				char _v44;
				char _v68;
				void* _v92;
				char _v96;
				char _v97;
				signed int _v104;
				char _v116;
				char _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				char _v168;
				char _v180;
				char _v192;
				signed int _t122;
				signed int _t123;
				signed int _t128;
				intOrPtr* _t133;
				signed int _t148;
				char* _t156;
				char _t164;
				intOrPtr* _t177;
				signed int _t183;
				void* _t185;
				intOrPtr _t186;
				char _t189;
				intOrPtr* _t192;
				intOrPtr* _t196;
				char _t198;
				void* _t205;
				void* _t213;
				char* _t219;
				intOrPtr* _t222;
				signed int _t227;
				signed int _t229;
				intOrPtr _t254;
				intOrPtr* _t258;
				intOrPtr _t268;
				intOrPtr* _t270;
				signed int _t280;
				signed int _t283;
				intOrPtr _t289;
				intOrPtr* _t291;
				intOrPtr _t294;
				intOrPtr* _t295;
				intOrPtr _t298;
				signed int _t299;
				void* _t304;

				_t304 = __eflags;
				_push(0xffffffff);
				_push(0x37aec4);
				_push( *[fs:0x0]);
				_t122 =  *0x414f64; // 0x48591883
				_t123 = _t122 ^ _t299;
				_v20 = _t123;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_push(_t123);
				 *[fs:0x0] =  &_v16;
				_t289 = __ecx;
				_v132 = __ecx;
				_t219 =  &_v68;
				E0015ED50();
				_v8 = 0;
				_v144 = 0;
				_t128 = _v148 & 0xfffffe07 | 0x00000007;
				_v140 = 0;
				_v104 = _t128;
				_v148 = _t128;
				_v136 = 0;
				_t213 = E00214952(_t304, 8);
				_v96 = _t213;
				_v8 = 1;
				_t305 = _t213;
				if(_t213 == 0) {
					_t213 = 0;
					__eflags = 0;
				} else {
					E0015E530( &_v97);
					 *_t213 = 0;
					 *((intOrPtr*)(_t213 + 4)) = 0;
					 *_t213 = E0020A5F0(_t213, _t289);
				}
				_v156 = _t213;
				_push(_t219);
				_v8 = 2;
				_t133 = E00210240(E00210490(_t289, _t305,  &_v128),  &_v168);
				_v96 = _t133;
				_t222 =  *_t133;
				_t306 = _t222;
				if(_t222 != 0) {
					_t294 =  *_t222;
				} else {
					_t294 = 0;
				}
				_t295 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t294 + 4)) + E00168580(_t294,  *((intOrPtr*)(_t133 + 8))) * 4)) + ( *(_v96 + 8) & 0x00000003) * 4));
				_t280 = _v104;
				 *(_t295 + 8) = _t280;
				_v156 =  *_t295;
				_v104 = _t280 ^ (_t280 ^  *(_t295 + 8)) & 0x000000ff;
				 *((intOrPtr*)(_t295 + 4)) = _v152;
				 *_t295 = _t213;
				_t227 =  *(_t295 + 8);
				_v152 =  *((intOrPtr*)(_t295 + 4));
				_t283 = _v104;
				_t229 = (_t227 ^ _t283) & 0x00000100;
				 *(_t295 + 8) = (_t227 ^ _t283) & 0x00000100 ^ _t227;
				_push(_t229);
				_v148 = _t283 ^ _t229;
				_t214 = E00210240(E00210490(_t289, _t306,  &_v128),  &_v168);
				_t296 =  *_t214;
				if(_t296 != 0) {
					_t296 =  *_t296;
				}
				_t148 = E00168580(_t296,  *(_t214 + 8));
				_t286 =  *(_t214 + 8) & 0x00000003;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t296 + 4)) + _t148 * 4)) + ( *(_t214 + 8) & 0x00000003) * 4)) + 0x10)) =  *((intOrPtr*)(_a4 + 4)) -  *((intOrPtr*)(_t289 + 0x40));
				if(E0020C070(_t289,  &_v116) == 0) {
					L38:
					E00169EF0("Missing \'}\' or object member name");
					_v8 = 0xa;
					_t156 =  &_v116;
					goto L39;
				} else {
					do {
						_t296 = _v116;
						_t164 = 1;
						if(_t296 != 0xc) {
							L14:
							_t313 = _t296 - 2;
							if(_t296 != 2 || E001683C0( &_v68, _t313) == 0) {
								_v8 = 3;
								E0015F910( &_v68, 0);
								_v8 = 2;
								_t315 = _t296 - 5;
								if(_t296 != 5) {
									__eflags = _t296 - 6;
									if(_t296 != 6) {
										goto L38;
									} else {
										__eflags =  *((char*)(_t289 + 0x6f));
										if( *((char*)(_t289 + 0x6f)) == 0) {
											goto L38;
										} else {
											_v36 = _v36 & 0xfffffe00;
											_v32 = 0;
											_v28 = 0;
											_v24 = 0;
											_v8 = 5;
											__eflags = E0020D030(_t289, _t286,  &_v116,  &_v44);
											if(__eflags == 0) {
												E0020DCD0(_t289, __eflags, 2);
												E002073E0( &_v44);
											} else {
												E0015E220( &_v68, E00169EF0(E00207650(_t214,  &_v44)));
												E0015FA10();
												_v8 = 2;
												E002073E0( &_v44);
												goto L23;
											}
										}
									}
								} else {
									_t205 = E0020D710(_t214, _t289, _t289, _t296, _t315,  &_v116,  &_v68);
									_t316 = _t205;
									if(_t205 != 0) {
										L23:
										_t254 = _t289;
										_t177 = E0020C070(_t254,  &_v168);
										__eflags = _t177;
										if(_t177 == 0) {
											L44:
											E00169EF0("Missing \':\' after object member name");
											_v8 = 6;
											_t156 =  &_v168;
											goto L39;
										} else {
											__eflags = _v168 - 0xb;
											if(__eflags != 0) {
												goto L44;
											} else {
												_push(_t254);
												_t291 = E00210240(E00210490(_t289, __eflags,  &_v192),  &_v180);
												_t258 =  *_t291;
												__eflags = _t258;
												if(_t258 != 0) {
													_t298 =  *_t258;
												} else {
													_t298 = 0;
												}
												_t183 = E00168580(_t298,  *(_t291 + 8));
												_t286 =  *(_t291 + 8) & 0x00000003;
												_v8 = 7;
												_t185 = E0015F5B0( &_v68);
												_v8 = 8;
												_t186 = E0015F5B0( &_v68);
												_v8 = 2;
												_t296 = _t186;
												_t189 = E00208450( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t298 + 4)) + _t183 * 4)) + ( *(_t291 + 8) & 0x00000003) * 4)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t298 + 4)) + _t183 * 4)) + ( *(_t291 + 8) & 0x00000003) * 4)), _t185, _t186, _t186, E00167FB0( &_v68) + _t185);
												_t289 = _v132;
												_v96 = _t189;
												E0020EF20(_t289, __eflags,  &_v96);
												_t192 = E0020BCF0( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t298 + 4)) + _t183 * 4)) + ( *(_t291 + 8) & 0x00000003) * 4)), _t289, _t289, _t186, __eflags);
												_t214 = _t192;
												E00168310(_t289, __eflags);
												_t268 = _t289;
												__eflags = _t192;
												if(__eflags == 0) {
													E0020DCD0(_t268, __eflags, 2);
												} else {
													_t196 = E0020C070(_t268,  &_v128);
													__eflags = _t196;
													if(_t196 == 0) {
														L42:
														E00169EF0("Missing \',\' or \'}\' in object declaration");
														_v8 = 9;
														_t156 =  &_v128;
														L39:
														E0020DDA0(_t214, _t289, _t289, _t296, __eflags,  &_v44, _t156, 2);
														E0015FA10();
													} else {
														_t198 = _v128;
														__eflags = _t198 - 2;
														if(_t198 == 2) {
															L33:
															_t270 = 1;
															__eflags = _t198 - 0xc;
															if(_t198 == 0xc) {
																while(1) {
																	__eflags = _t270;
																	if(_t270 == 0) {
																		goto L36;
																	}
																	_t270 = E0020C070(_t289,  &_v128);
																	_t198 = _v128;
																	__eflags = _t198 - 0xc;
																	if(_t198 == 0xc) {
																		continue;
																	}
																	goto L36;
																}
															}
															L36:
															__eflags = _t198 - 2;
															if(_t198 == 2) {
																goto L41;
															} else {
																goto L37;
															}
														} else {
															__eflags = _t198 - 0xa;
															if(_t198 == 0xa) {
																goto L33;
															} else {
																__eflags = _t198 - 0xc;
																if(_t198 != 0xc) {
																	goto L42;
																} else {
																	goto L33;
																}
															}
														}
													}
												}
											}
										}
									} else {
										E0020DCD0(_t289, _t316, 2);
									}
								}
							} else {
								L41:
							}
						} else {
							while(_t164 != 0) {
								_t164 = E0020C070(_t289,  &_v116);
								_t296 = _v116;
								if(_t296 == 0xc) {
									continue;
								} else {
									if(_t164 == 0) {
										goto L38;
									} else {
										goto L14;
									}
								}
								goto L40;
							}
							goto L38;
						}
						goto L40;
						L37:
						__eflags = E0020C070(_t289,  &_v116);
					} while (__eflags != 0);
					goto L38;
				}
				L40:
				E002073E0( &_v156);
				E0015FA10();
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t299);
			}

APIs
    • Part of subcall function 0020D030: __aulldiv.LIBCMT ref: 0020D06E
    • Part of subcall function 0015E220: operator!=.LIBCPMTD ref: 0015E27B
    • Part of subcall function 0015E220: operator!=.LIBCPMTD ref: 0015E2AD
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0020C9BC
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0020C9CA
Strings
  • Missing ',' or '}' in object declaration, xrefs: 0020CAD5
  • Missing ':' after object member name, xrefs: 0020CAF6
  • Missing '}' or object member name, xrefs: 0020CA72
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Base::Concurrency::details::ContextIdentityQueueWorkoperator!=$__aulldiv
  • String ID: Missing ',' or '}' in object declaration$Missing ':' after object member name$Missing '}' or object member name
  • API String ID: 1936017645-3980781130
  • Opcode ID: 5546955486c7464b1dbb10cd0a5a4fc0631a5d826e155245757842c528f484c6
  • Instruction ID: 09147e29a36f149e4d11999a6ff65183fad84ae3d59cbc2f6aa462c483949cbe
  • Opcode Fuzzy Hash: 5546955486c7464b1dbb10cd0a5a4fc0631a5d826e155245757842c528f484c6
  • Instruction Fuzzy Hash: D6D18071E103188BCF24DFA4C895BEEB7B5AF55300F244269E846AB283DB749D55CF90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
			E0036ABB8(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_push(__ecx);
				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					_t12 = _a8 + 8; // 0xfde8fe81
					if(GetLocaleInfoW( *_t12, 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = 0x3bcf60;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = 0x3bcf68;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E0034D449(_t23, _t23);
									goto L25;
								}
								_t8 = _a8 + 8; // 0xfde8fe81
								if(GetLocaleInfoW( *_t8, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}

APIs
  • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0036AED7,?,00000000), ref: 0036AC51
  • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0036AED7,?,00000000), ref: 0036AC7A
  • GetACP.KERNEL32(?,?,0036AED7,?,00000000), ref: 0036AC8F
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: InfoLocale
  • String ID: ACP$OCP
  • API String ID: 2299586839-711371036
  • Opcode ID: 1d49f04097c75452ef90761a0a5639d621626bdf60a8d243367cb884e9011582
  • Instruction ID: 1a07f691fe208378eb7d87c9a5fcd57f06ce54603844e99e6f278851a170c5d5
  • Opcode Fuzzy Hash: 1d49f04097c75452ef90761a0a5639d621626bdf60a8d243367cb884e9011582
  • Instruction Fuzzy Hash: 5C21A432704908ABD737CF55C940AA7B3AAAB50F54B5BC065E90AEB608E732DD40DB52
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 89%
			E0036AD8C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed int* _v24;
				short* _v28;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed int* _t46;
				signed int _t47;
				short* _t48;
				int _t49;
				short* _t56;
				short* _t57;
				short* _t58;
				int _t66;
				int _t68;
				short* _t72;
				intOrPtr _t75;
				void* _t77;
				short* _t78;
				intOrPtr _t85;
				short* _t89;
				short* _t92;
				void* _t94;
				short** _t102;
				short* _t103;
				signed int _t105;
				signed short _t108;
				signed int _t109;
				void* _t110;

				_t39 =  *0x414f64; // 0x48591883
				_v8 = _t39 ^ _t109;
				_t89 = _a12;
				_t105 = _a4;
				_v28 = _a8;
				_v24 = E0036098D(_t89, __ecx, __edx) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E0036098D(_t89, __ecx, __edx);
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t92 = _t105 + 0x80;
				_t46 = _v24;
				 *_t46 = _t105;
				_t102 =  &(_t46[1]);
				 *_t102 = _t92;
				if(_t92 != 0 &&  *_t92 != 0) {
					_t85 =  *0x3bcf5c; // 0x17
					E0036AD2F(0, 0x3bce48, _t85 - 1, _t102);
					_t46 = _v24;
					_t110 = _t110 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					__eflags = _t48;
					if(_t48 == 0) {
						L19:
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
						goto L20;
					}
					__eflags =  *_t48 - _t99;
					if( *_t48 == _t99) {
						goto L19;
					}
					E0036A6CC(_t92, _t99,  &_v20);
					_pop(_t92);
					goto L20;
				} else {
					_t72 =  *_t102;
					if(_t72 == 0 ||  *_t72 == _t99) {
						E0036A7B2(_t92, _t99,  &_v20);
					} else {
						E0036A717(_t92, _t99,  &_v20);
					}
					_pop(_t92);
					if(_v20 != 0) {
						_t103 = 0;
						__eflags = 0;
						goto L25;
					} else {
						_t75 =  *0x3bce44; // 0x41
						_t77 = E0036AD2F(_t99, 0x3bcb38, _t75 - 1, _v24);
						_t110 = _t110 + 0xc;
						if(_t77 == 0) {
							L20:
							_t103 = 0;
							__eflags = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t108 = E0036ABB8(_t92,  ~_t105 & _t105 + 0x00000100,  &_v20);
								_pop(_t94);
								__eflags = _t108;
								if(_t108 == 0) {
									goto L22;
								}
								__eflags = _t108 - 0xfde8;
								if(_t108 == 0xfde8) {
									goto L22;
								}
								__eflags = _t108 - 0xfde9;
								if(_t108 == 0xfde9) {
									goto L22;
								}
								_t56 = IsValidCodePage(_t108 & 0x0000ffff);
								__eflags = _t56;
								if(_t56 == 0) {
									goto L22;
								}
								_t57 = IsValidLocale(_v16, 1);
								__eflags = _t57;
								if(_t57 == 0) {
									goto L22;
								}
								_t58 = _v28;
								__eflags = _t58;
								if(__eflags != 0) {
									 *_t58 = _t108;
								}
								E0036114A(_t89, _t94, _t99, _t103, _t108, __eflags, _v16,  &(_v24[0x94]), 0x55, _t103);
								__eflags = _t89;
								if(__eflags == 0) {
									L36:
									L23:
									return E00344CC8(_v8 ^ _t109);
								}
								_t33 =  &(_t89[0x90]); // 0x35ea18
								E0036114A(_t89, _t94, _t99, _t103, _t108, __eflags, _v16, _t33, 0x55, _t103);
								_t66 = GetLocaleInfoW(_v16, 0x1001, _t89, 0x40);
								__eflags = _t66;
								if(_t66 == 0) {
									goto L22;
								}
								_t36 =  &(_t89[0x40]); // 0x35e978
								_t68 = GetLocaleInfoW(_v12, 0x1002, _t36, 0x40);
								__eflags = _t68;
								if(_t68 == 0) {
									goto L22;
								}
								_t38 =  &(_t89[0x80]); // 0x35e9f8
								E0035B02F(_t38, _t108, _t38, 0x10, 0xa);
								goto L36;
							}
							L22:
							goto L23;
						}
						_t78 =  *_t102;
						_t103 = 0;
						if(_t78 == 0 ||  *_t78 == 0) {
							E0036A7B2(_t92, _t99,  &_v20);
						} else {
							E0036A717(_t92, _t99,  &_v20);
						}
						_pop(_t92);
						goto L21;
					}
				}
			}

APIs
    • Part of subcall function 0036098D: GetLastError.KERNEL32(?,00000000,0034D338,00000000,?,?,00367A5E,?,00000020,?,?,?,0035D143,?,UTF-8,00000005), ref: 00360991
    • Part of subcall function 0036098D: _free.LIBCMT ref: 003609C4
    • Part of subcall function 0036098D: SetLastError.KERNEL32(00000000,00000020,?,?,?,0035D143,?,UTF-8,00000005,?,0019E626,00000000,00356348,?,?,0019E626), ref: 00360A05
    • Part of subcall function 0036098D: _abort.LIBCMT ref: 00360A0B
    • Part of subcall function 0036098D: _free.LIBCMT ref: 003609EC
    • Part of subcall function 0036098D: SetLastError.KERNEL32(00000000,00000020,?,?,?,0035D143,?,UTF-8,00000005,?,0019E626,00000000,00356348,?,?,0019E626), ref: 003609F9
  • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0036AE98
  • IsValidCodePage.KERNEL32(00000000), ref: 0036AEF3
  • IsValidLocale.KERNEL32(?,00000001), ref: 0036AF02
  • GetLocaleInfoW.KERNEL32(?,00001001,0035E8F8,00000040,?,0035EA18,00000055,00000000,?,?,00000055,00000000), ref: 0036AF4A
  • GetLocaleInfoW.KERNEL32(?,00001002,0035E978,00000040), ref: 0036AF69
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
  • String ID:
  • API String ID: 745075371-0
  • Opcode ID: 52e3268b13cd0904fb9c4e29fe0f5b32f4adefed212e664538e4e5873d686532
  • Instruction ID: 7c678a14e889841bdbcbb6d9f61982cd165564427e9185153bd52b2b351cf6d5
  • Opcode Fuzzy Hash: 52e3268b13cd0904fb9c4e29fe0f5b32f4adefed212e664538e4e5873d686532
  • Instruction Fuzzy Hash: 21516271A00A05AFDF22DFA4CC45ABE77B8AF44700F098469E911FB155E7719D40CF62
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_select), ref: 00157C92
  • ?BindTabLayoutName@CButtonUI@DuiLib@@QAEXPB_W@Z.DUILIB(?), ref: 00157CBC
  • ?BindTabIndex@CButtonUI@DuiLib@@QAEXH@Z.DUILIB(?), ref: 00157CCF
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$BindButtonControlName@$FindI@2@Index@LayoutManagerPaintV32@
  • String ID: device_select
  • API String ID: 2903300273-2564987867
  • Opcode ID: d6de41e5aeeb62d497f3a70443b6a2a2fec9057e333efd2a3fd4c4ad47ae797a
  • Instruction ID: bfc8c14f51318e9c36bc9524b1d4ba7b9de4594eceb91de5f61b1a3e80370421
  • Opcode Fuzzy Hash: d6de41e5aeeb62d497f3a70443b6a2a2fec9057e333efd2a3fd4c4ad47ae797a
  • Instruction Fuzzy Hash: B201E874608108EFCB04CF95E984AA9B7F6FB48311F2481A9E8199B354DB31AE00DF80
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 68%
			E0036A454(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				signed int _v12;
				intOrPtr _v40;
				signed int _v52;
				char _v252;
				short _v292;
				void* __ebp;
				void* _t34;
				short* _t35;
				intOrPtr* _t36;
				void* _t39;
				signed short* _t44;
				intOrPtr _t47;
				void* _t49;
				signed int _t52;
				signed int _t58;
				signed int _t60;
				signed int _t66;
				void* _t68;
				void* _t71;
				void* _t76;
				void* _t80;
				intOrPtr _t87;
				short* _t89;
				void* _t90;
				void* _t92;
				signed int _t94;
				void* _t95;
				intOrPtr* _t98;
				void* _t112;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t121;
				signed int* _t122;
				intOrPtr* _t125;
				signed short _t127;
				int _t129;
				signed int _t132;
				void* _t133;
				signed int _t134;

				_t115 = __edx;
				_push(__ecx);
				_push(__ecx);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t34 = E0036098D(__ebx, __ecx, __edx);
				_t87 = _a4;
				_t94 = 0;
				_v12 = 0;
				_t3 = _t34 + 0x50; // 0x50
				_t125 = _t3;
				_t4 = _t125 + 0x250; // 0x2a0
				_t35 = _t4;
				 *((intOrPtr*)(_t125 + 8)) = 0;
				 *_t35 = 0;
				_t6 = _t125 + 4; // 0x54
				_t118 = _t6;
				_v8 = _t35;
				_t36 = _t87 + 0x80;
				 *_t125 = _t87;
				 *_t118 = _t36;
				if( *_t36 != 0) {
					E0036A3E5(0x3bce48, 0x16, _t118);
					_t133 = _t133 + 0xc;
					_t94 = 0;
				}
				_push(_t125);
				if( *((intOrPtr*)( *_t125)) == _t94) {
					E00369D56(_t87, _t94, _t115, _t118, __eflags);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t118)) == _t94) {
						E00369E79();
					} else {
						E00369DDF(_t94);
					}
					_pop(_t95);
					if( *((intOrPtr*)(_t125 + 8)) == 0) {
						_t80 = E0036A3E5(0x3bcb38, 0x40, _t125);
						_t133 = _t133 + 0xc;
						if(_t80 != 0) {
							_push(_t125);
							if( *((intOrPtr*)( *_t118)) == 0) {
								E00369E79();
							} else {
								E00369DDF(0);
							}
							L12:
							_pop(_t95);
						}
					}
				}
				if( *((intOrPtr*)(_t125 + 8)) == 0) {
					L31:
					_t39 = 0;
					__eflags = 0;
					goto L32;
				} else {
					_t127 = E0036A2B3(_t95, _t87 + 0x100, _t125);
					if(_t127 == 0 || _t127 == 0xfde8 || _t127 == 0xfde9 || IsValidCodePage(_t127 & 0x0000ffff) == 0) {
						goto L31;
					} else {
						_t44 = _a8;
						if(_t44 != 0) {
							 *_t44 = _t127;
						}
						_t121 = _a12;
						if(_t121 == 0) {
							L30:
							_t39 = 1;
							goto L32;
						} else {
							_t98 = _v8;
							_t15 = _t121 + 0x120; // 0x35ea1f
							_t89 = _t15;
							 *_t89 = 0;
							_t116 = _t98 + 2;
							do {
								_t47 =  *_t98;
								_t98 = _t98 + 2;
							} while (_t47 != _v12);
							_t100 = _t98 - _t116 >> 1;
							_push((_t98 - _t116 >> 1) + 1);
							_t49 = E0035AC4F(_t98 - _t116 >> 1, _t89, 0x55, _v8);
							_t134 = _t133 + 0x10;
							_t153 = _t49;
							if(_t49 != 0) {
								__eflags = 0;
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E0034D694();
								asm("int3");
								_t132 = _t134;
								_t52 =  *0x414f64; // 0x48591883
								_v52 = _t52 ^ _t132;
								_push(_t89);
								_push(_t127);
								_push(_t121);
								_t90 = E0036098D(_t89, _t100, _t116);
								_t122 =  *(E0036098D(_t90, _t100, _t116) + 0x34c);
								_t129 = E0036AB67(_v40);
								asm("sbb ecx, ecx");
								_t58 = GetLocaleInfoW(_t129, ( ~( *(_t90 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								__eflags = _t58;
								if(_t58 != 0) {
									_t60 = E00356028(_t90, _t122, _t129,  *((intOrPtr*)(_t90 + 0x54)),  &_v252);
									__eflags = _t60;
									if(_t60 == 0) {
										_t66 = E0036AC9B(_t129);
										__eflags = _t66;
										if(_t66 != 0) {
											 *_t122 =  *_t122 | 0x00000004;
											__eflags =  *_t122;
											_t122[2] = _t129;
											_t122[1] = _t129;
										}
									}
									__eflags =  !( *_t122 >> 2) & 0x00000001;
								} else {
									 *_t122 =  *_t122 & _t58;
								}
								__eflags = _v12 ^ _t132;
								return E00344CC8(_v12 ^ _t132);
							} else {
								_t68 = E00360FB4(_t100, _t127, _t153, _t89, 0x1001, _t121, 0x40);
								_t154 = _t68;
								if(_t68 == 0) {
									goto L31;
								} else {
									_t20 = _t121 + 0x80; // 0x35e97f
									_t92 = _t20;
									_t21 = _t121 + 0x120; // 0x35ea1f
									if(E00360FB4(_t100, _t127, _t154, _t21, 0x1002, _t92, 0x40) == 0) {
										goto L31;
									} else {
										_push(0x5f);
										_t71 = E00349F1E(_t100);
										_t112 = _t92;
										if(_t71 != 0) {
											L28:
											_t22 = _t121 + 0x120; // 0x35ea1f
											if(E00360FB4(_t112, _t127, _t157, _t22, 7, _t92, 0x40) == 0) {
												goto L31;
											} else {
												goto L29;
											}
										} else {
											_push(0x2e);
											_t76 = E00349F1E(_t112);
											_t112 = _t92;
											_t157 = _t76;
											if(_t76 == 0) {
												L29:
												_t23 = _t121 + 0x100; // 0x35e9ff
												E0035B02F(_t112, _t127, _t23, 0x10, 0xa);
												goto L30;
											} else {
												goto L28;
											}
										}
									}
								}
								L32:
								return _t39;
							}
						}
					}
				}
			}

APIs
    • Part of subcall function 0036098D: GetLastError.KERNEL32(?,00000000,0034D338,00000000,?,?,00367A5E,?,00000020,?,?,?,0035D143,?,UTF-8,00000005), ref: 00360991
    • Part of subcall function 0036098D: _free.LIBCMT ref: 003609C4
    • Part of subcall function 0036098D: SetLastError.KERNEL32(00000000,00000020,?,?,?,0035D143,?,UTF-8,00000005,?,0019E626,00000000,00356348,?,?,0019E626), ref: 00360A05
    • Part of subcall function 0036098D: _abort.LIBCMT ref: 00360A0B
  • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0035E8FF,?,?,?,?,0035E356,?,00000004), ref: 0036A536
  • _wcschr.LIBVCRUNTIME ref: 0036A5C6
  • _wcschr.LIBVCRUNTIME ref: 0036A5D4
  • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,0035E8FF,00000000,0035EA1F), ref: 0036A677
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
  • String ID:
  • API String ID: 4212172061-0
  • Opcode ID: 468b0a0f8bea7cc8b68166163a9dab0cba2ad640bc8c90d77c89baf29c28d135
  • Instruction ID: 6c64e1ce4b2254fac7aa143107bcb77ab54c9acf30ff0bdb76dfe671b1341b6e
  • Opcode Fuzzy Hash: 468b0a0f8bea7cc8b68166163a9dab0cba2ad640bc8c90d77c89baf29c28d135
  • Instruction Fuzzy Hash: 9061E931600A05AAD727AB65CC46BB773ECEF44700F15852AF905EF685EB70E940CFA6
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_select), ref: 00157D02
  • ?GetBindTabLayoutIndex@CButtonUI@DuiLib@@QAEHXZ.DUILIB ref: 00157D2B
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@$BindButtonFindI@2@Index@LayoutManagerName@PaintV32@
  • String ID: device_select
  • API String ID: 1263535209-2564987867
  • Opcode ID: 2c44b1f28df1ed6e77852ff9dfb26d3135c013b774bac5ed2be549ce5dcb9db3
  • Instruction ID: 215edbe9f886e676cb50f9278935191ce2f53a9ab272ecebce649a84fbcb1098
  • Opcode Fuzzy Hash: 2c44b1f28df1ed6e77852ff9dfb26d3135c013b774bac5ed2be549ce5dcb9db3
  • Instruction Fuzzy Hash: CBF0BD34908108EFCB04CB94E945BA8B7F5BB48321F2582E9E8295B295DB31AE41DF80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_select), ref: 00157D62
  • ?GetBindTabLayoutName@CButtonUI@DuiLib@@QAEPB_WXZ.DUILIB ref: 00157D8A
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@Name@$BindButtonFindI@2@LayoutManagerPaintV32@
  • String ID: device_select
  • API String ID: 1256000667-2564987867
  • Opcode ID: 99d940fefdf41da7aba4240e4dbeb236f0c2bf87631e90617ec0b10442ab93af
  • Instruction ID: cacf3f8bf3ad8e826801d604d42928a859628b061c1b3a70b3d1dbc890918832
  • Opcode Fuzzy Hash: 99d940fefdf41da7aba4240e4dbeb236f0c2bf87631e90617ec0b10442ab93af
  • Instruction Fuzzy Hash: 6AF0BD74A08108EFCB04CB94E945BA9B7F6FB48311F2482EDE8199B255DB319E44DF80
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
			E0034D49D(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				intOrPtr _v808;
				char _v812;
				signed int _t40;
				char* _t47;
				intOrPtr _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t70;
				signed int _t72;
				signed int _t74;

				_t70 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t72 = _t74;
				_t40 =  *0x414f64; // 0x48591883
				_t41 = _t40 ^ _t72;
				_v8 = _t40 ^ _t72;
				_push(__edi);
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00345BC3(_t41);
					_pop(_t62);
				}
				E00349980(_t67,  &_v804, 0, 0x50);
				E00349980(_t67,  &_v724, 0, 0x2cc);
				_v812 =  &_v804;
				_t47 =  &_v724;
				_v808 = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t70;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t25 =  &_v0; // 0x4
				_t49 = _t25;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				_t36 =  &_v812; // -808
				if(UnhandledExceptionFilter(_t36) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E00345BC3(_t57);
				}
				return E00344CC8(_v8 ^ _t72);
			}

APIs
  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,FFFFFFFF), ref: 0034D595
  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,FFFFFFFF), ref: 0034D59F
  • UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,FFFFFFFF), ref: 0034D5AC
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ExceptionFilterUnhandled$DebuggerPresent
  • String ID:
  • API String ID: 3906539128-0
  • Opcode ID: 82ea29618dc73ba56ac5acefc5548f474bd33d7f3bf2d5e3a95be2c6368aa5ce
  • Instruction ID: 5e1b64f26691ec3564939565b84243a279a5ca07a0be2cb53b2006b06482b4ea
  • Opcode Fuzzy Hash: 82ea29618dc73ba56ac5acefc5548f474bd33d7f3bf2d5e3a95be2c6368aa5ce
  • Instruction Fuzzy Hash: EB31B574901318ABCB22DF64D889BDDB7F8AF48710F5041EAE41CAB251EB70AF858F54
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00359CE3(int _a4) {
				void* _t14;
				void* _t16;

				if(E003613B7(_t14, _t16) != 0 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E00359D68(_t14, _t16, _a4);
				ExitProcess(_a4);
			}

APIs
  • GetCurrentProcess.KERNEL32(00000000,?,00359CB9,00000000,00409048,0000000C,00359E10,00000000,00000002,00000000), ref: 00359D04
  • TerminateProcess.KERNEL32(00000000,?,00359CB9,00000000,00409048,0000000C,00359E10,00000000,00000002,00000000), ref: 00359D0B
  • ExitProcess.KERNEL32 ref: 00359D1D
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Process$CurrentExitTerminate
  • String ID:
  • API String ID: 1703294689-0
  • Opcode ID: cb9a1e86b079384259d717c8de60c4204a83c5c99398eb4005e346acbb0c547e
  • Instruction ID: 84d589dacf373740765bfa40e56f6abb64db02d7e9f20848d35ca2bc6c8f6310
  • Opcode Fuzzy Hash: cb9a1e86b079384259d717c8de60c4204a83c5c99398eb4005e346acbb0c547e
  • Instruction Fuzzy Hash: 61E09232000288ABCF136B94DD49B993BBDEB50782F154056FC058A532DB35D946DB80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,0035E356,?,00000004), ref: 00361007
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: InfoLocale
  • String ID: GetLocaleInfoEx
  • API String ID: 2299586839-2904428671
  • Opcode ID: b9b9e0e0d3faa98ebf0101da7fe45a4407ebc922015bffe4b7e72e1117cd38f6
  • Instruction ID: dc66580ff3ad1e4f1da11549d2dd50d28eea9c26b47328fbc8cfb17065cec178
  • Opcode Fuzzy Hash: b9b9e0e0d3faa98ebf0101da7fe45a4407ebc922015bffe4b7e72e1117cd38f6
  • Instruction Fuzzy Hash: 4AF0F031A00318BBCB13AF60DC02EAF7F69EB48B11F048155FC046A291DFB18E209BD1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 90%
			E00354360(signed int* _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int* _v80;
				char _v540;
				signed int _v544;
				signed int _t197;
				signed int _t198;
				signed int* _t200;
				signed int _t201;
				signed int _t204;
				signed int _t206;
				signed int _t208;
				signed int _t209;
				signed int _t213;
				signed int _t219;
				intOrPtr _t225;
				void* _t228;
				signed int _t230;
				signed int _t247;
				signed int _t250;
				void* _t253;
				signed int _t256;
				signed int* _t263;
				signed int _t266;
				signed int _t267;
				void* _t268;
				intOrPtr* _t269;
				signed int _t275;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				signed int _t280;
				signed int* _t282;
				signed int* _t286;
				signed int _t287;
				signed int _t288;
				intOrPtr _t290;
				void* _t294;
				signed char _t300;
				signed int _t303;
				signed int _t311;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t319;
				signed int _t321;
				intOrPtr* _t322;
				signed int _t326;
				signed int _t330;
				signed int* _t336;
				signed int _t338;
				signed int _t339;
				signed int _t341;
				void* _t342;
				signed int _t344;
				signed int _t346;
				signed int _t349;
				signed int _t350;
				signed int* _t352;
				signed int _t357;
				signed int _t359;
				void* _t363;
				signed int _t367;
				signed int _t368;
				signed int _t370;
				signed int* _t376;
				signed int* _t377;
				signed int* _t378;
				signed int* _t381;

				_t263 = _a4;
				_t197 =  *_t263;
				if(_t197 != 0) {
					_t336 = _a8;
					_t275 =  *_t336;
					__eflags = _t275;
					if(_t275 != 0) {
						_t3 = _t197 - 1; // -1
						_t357 = _t3;
						_t4 = _t275 - 1; // -1
						_t198 = _t4;
						_v16 = _t357;
						__eflags = _t198;
						if(_t198 != 0) {
							__eflags = _t198 - _t357;
							if(_t198 > _t357) {
								L24:
								__eflags = 0;
								return 0;
							} else {
								_t46 = _t198 + 1; // 0x0
								_t314 = _t357 - _t198;
								_v60 = _t46;
								_t277 = _t357;
								__eflags = _t357 - _t314;
								if(_t357 < _t314) {
									L22:
									_t314 = _t314 + 1;
									__eflags = _t314;
								} else {
									_t376 =  &(_t263[_t357 + 1]);
									_t349 =  &(( &(_t336[_t277 - _t314]))[1]);
									__eflags = _t349;
									while(1) {
										__eflags =  *_t349 -  *_t376;
										if( *_t349 !=  *_t376) {
											break;
										}
										_t277 = _t277 - 1;
										_t349 = _t349 - 4;
										_t376 = _t376 - 4;
										__eflags = _t277 - _t314;
										if(_t277 >= _t314) {
											continue;
										} else {
											goto L22;
										}
										goto L23;
									}
									_t377 = _a8;
									_t54 = (_t277 - _t314) * 4; // 0xfc23b5a
									__eflags =  *((intOrPtr*)(_t377 + _t54 + 4)) -  *((intOrPtr*)(_t263 + 4 + _t277 * 4));
									if( *((intOrPtr*)(_t377 + _t54 + 4)) <  *((intOrPtr*)(_t263 + 4 + _t277 * 4))) {
										goto L22;
									}
								}
								L23:
								__eflags = _t314;
								if(__eflags != 0) {
									_t338 = _v60;
									_t200 = _a8;
									_t359 =  *(_t200 + _t338 * 4);
									_t64 = _t338 * 4; // 0xfffe69b6
									_t201 =  *((intOrPtr*)(_t200 + _t64 - 4));
									_v36 = _t201;
									asm("bsr eax, esi");
									_v56 = _t359;
									if(__eflags == 0) {
										_t278 = 0x20;
									} else {
										_t278 = 0x1f - _t201;
									}
									_v40 = _t278;
									_v64 = 0x20 - _t278;
									__eflags = _t278;
									if(_t278 != 0) {
										_t300 = _v40;
										_v36 = _v36 << _t300;
										_v56 = _t359 << _t300 | _v36 >> _v64;
										__eflags = _t338 - 2;
										if(_t338 > 2) {
											_t79 = _t338 * 4; // 0xe850ffff
											_t81 =  &_v36;
											 *_t81 = _v36 |  *(_a8 + _t79 - 8) >> _v64;
											__eflags =  *_t81;
										}
									}
									_v76 = 0;
									_t315 = _t314 + 0xffffffff;
									__eflags = _t315;
									_v32 = _t315;
									if(_t315 < 0) {
										_t339 = 0;
										__eflags = 0;
									} else {
										_t85 =  &(_t263[1]); // 0x4
										_v20 =  &(_t85[_t315]);
										_t206 = _t315 + _t338;
										_t90 = _t263 - 4; // -4
										_v12 = _t206;
										_t286 = _t90 + _t206 * 4;
										_v80 = _t286;
										do {
											__eflags = _t206 - _v16;
											if(_t206 > _v16) {
												_t207 = 0;
												__eflags = 0;
											} else {
												_t207 = _t286[2];
											}
											__eflags = _v40;
											_t319 = _t286[1];
											_t287 =  *_t286;
											_v52 = _t207;
											_v44 = 0;
											_v8 = _t207;
											_v24 = _t287;
											if(_v40 > 0) {
												_t326 = _v8;
												_t344 = _t287 >> _v64;
												_t230 = E00345870(_t319, _v40, _t326);
												_t287 = _v40;
												_t207 = _t326;
												_t319 = _t344 | _t230;
												_t367 = _v24 << _t287;
												__eflags = _v12 - 3;
												_v8 = _t326;
												_v24 = _t367;
												if(_v12 >= 3) {
													_t287 = _v64;
													_t368 = _t367 |  *(_t263 + (_v60 + _v32) * 4 - 8) >> _t287;
													__eflags = _t368;
													_t207 = _v8;
													_v24 = _t368;
												}
											}
											_t208 = E0036F8D0(_t319, _t207, _v56, 0);
											_v44 = _t263;
											_t266 = _t208;
											_v44 = 0;
											_t209 = _t319;
											_v8 = _t266;
											_v28 = _t209;
											_t341 = _t287;
											_v72 = _t266;
											_v68 = _t209;
											__eflags = _t209;
											if(_t209 != 0) {
												L41:
												_t267 = _t266 + 1;
												asm("adc eax, 0xffffffff");
												_t341 = _t341 + E003458F0(_t267, _t209, _v56, 0);
												asm("adc esi, edx");
												_t266 = _t267 | 0xffffffff;
												_t209 = 0;
												__eflags = 0;
												_v44 = 0;
												_v8 = _t266;
												_v72 = _t266;
												_v28 = 0;
												_v68 = 0;
											} else {
												__eflags = _t266 - 0xffffffff;
												if(_t266 > 0xffffffff) {
													goto L41;
												}
											}
											__eflags = 0;
											if(0 <= 0) {
												if(0 < 0) {
													goto L45;
												} else {
													__eflags = _t341 - 0xffffffff;
													if(_t341 <= 0xffffffff) {
														while(1) {
															L45:
															_v8 = _v24;
															_t228 = E003458F0(_v36, 0, _t266, _t209);
															__eflags = _t319 - _t341;
															if(__eflags < 0) {
																break;
															}
															if(__eflags > 0) {
																L48:
																_t209 = _v28;
																_t266 = _t266 + 0xffffffff;
																_v72 = _t266;
																asm("adc eax, 0xffffffff");
																_t341 = _t341 + _v56;
																__eflags = _t341;
																_v28 = _t209;
																asm("adc dword [ebp-0x28], 0x0");
																_v68 = _t209;
																if(_t341 == 0) {
																	__eflags = _t341 - 0xffffffff;
																	if(_t341 <= 0xffffffff) {
																		continue;
																	} else {
																	}
																}
															} else {
																__eflags = _t228 - _v8;
																if(_t228 <= _v8) {
																	break;
																} else {
																	goto L48;
																}
															}
															L52:
															_v8 = _t266;
															goto L53;
														}
														_t209 = _v28;
														goto L52;
													}
												}
											}
											L53:
											__eflags = _t209;
											if(_t209 != 0) {
												L55:
												_t288 = _v60;
												_t342 = 0;
												_t363 = 0;
												__eflags = _t288;
												if(_t288 != 0) {
													_t269 = _v20;
													_t219 =  &(_a8[1]);
													__eflags = _t219;
													_v24 = _t219;
													_v16 = _t288;
													do {
														_v44 =  *_t219;
														_t225 =  *_t269;
														_t294 = _t342 + _v72 * _v44;
														asm("adc esi, edx");
														_t342 = _t363;
														_t363 = 0;
														__eflags = _t225 - _t294;
														if(_t225 < _t294) {
															_t342 = _t342 + 1;
															asm("adc esi, esi");
														}
														 *_t269 = _t225 - _t294;
														_t269 = _t269 + 4;
														_t219 = _v24 + 4;
														_t164 =  &_v16;
														 *_t164 = _v16 - 1;
														__eflags =  *_t164;
														_v24 = _t219;
													} while ( *_t164 != 0);
													_t266 = _v8;
													_t288 = _v60;
												}
												__eflags = 0 - _t363;
												if(__eflags <= 0) {
													if(__eflags < 0) {
														L64:
														__eflags = _t288;
														if(_t288 != 0) {
															_t346 = _t288;
															_t322 = _v20;
															_t370 =  &(_a8[1]);
															__eflags = _t370;
															_t268 = 0;
															do {
																_t290 =  *_t322;
																_t172 = _t370 + 4; // 0xa6a5959
																_t370 = _t172;
																_t322 = _t322 + 4;
																asm("adc eax, eax");
																 *((intOrPtr*)(_t322 - 4)) = _t290 +  *((intOrPtr*)(_t370 - 4)) + _t268;
																asm("adc eax, 0x0");
																_t268 = 0;
																_t346 = _t346 - 1;
																__eflags = _t346;
															} while (_t346 != 0);
															_t266 = _v8;
														}
														_t266 = _t266 + 0xffffffff;
														asm("adc dword [ebp-0x18], 0xffffffff");
													} else {
														__eflags = _v52 - _t342;
														if(_v52 < _t342) {
															goto L64;
														}
													}
												}
												_t213 = _v12 - 1;
												__eflags = _t213;
												_v16 = _t213;
											} else {
												__eflags = _t266;
												if(_t266 != 0) {
													goto L55;
												}
											}
											_t339 = 0 + _t266;
											asm("adc esi, 0x0");
											_v20 = _v20 - 4;
											_t321 = _v32 - 1;
											_t263 = _a4;
											_t286 = _v80 - 4;
											_t206 = _v12 - 1;
											_v76 = _t339;
											_v32 = _t321;
											_v80 = _t286;
											_v12 = _t206;
											__eflags = _t321;
										} while (_t321 >= 0);
									}
									_t317 = _v16 + 1;
									_t204 = _t317;
									__eflags = _t204 -  *_t263;
									if(_t204 <  *_t263) {
										_t191 = _t204 + 1; // 0x36d9ac
										_t282 =  &(_t263[_t191]);
										do {
											 *_t282 = 0;
											_t194 =  &(_t282[1]); // 0x91850fc2
											_t282 = _t194;
											_t204 = _t204 + 1;
											__eflags = _t204 -  *_t263;
										} while (_t204 <  *_t263);
									}
									 *_t263 = _t317;
									__eflags = _t317;
									if(_t317 != 0) {
										while(1) {
											_t279 =  *_t263;
											__eflags = _t263[_t279];
											if(_t263[_t279] != 0) {
												goto L79;
											}
											_t280 = _t279 + 0xffffffff;
											__eflags = _t280;
											 *_t263 = _t280;
											if(_t280 != 0) {
												continue;
											}
											goto L79;
										}
									}
									L79:
									return _t339;
								} else {
									goto L24;
								}
							}
						} else {
							_t6 =  &(_t336[1]); // 0xfc23b5a
							_t303 =  *_t6;
							_v44 = _t303;
							__eflags = _t303 - 1;
							if(_t303 != 1) {
								__eflags = _t357;
								if(_t357 != 0) {
									_t350 = 0;
									_v12 = 0;
									_v8 = 0;
									_v20 = 0;
									__eflags = _t357 - 0xffffffff;
									if(_t357 != 0xffffffff) {
										_t250 = _v16 + 1;
										__eflags = _t250;
										_v32 = _t250;
										_t381 =  &(_t263[_t357 + 1]);
										do {
											_t253 = E0036F8D0( *_t381, _t350, _t303, 0);
											_v68 = _t311;
											_t381 = _t381 - 4;
											_v20 = _t263;
											_t350 = _t303;
											_t311 = 0 + _t253;
											asm("adc ecx, 0x0");
											_v12 = _t311;
											_t34 =  &_v32;
											 *_t34 = _v32 - 1;
											__eflags =  *_t34;
											_v8 = _v12;
											_t303 = _v44;
										} while ( *_t34 != 0);
										_t263 = _a4;
									}
									_v544 = 0;
									_t41 =  &(_t263[1]); // 0x4
									_t378 = _t41;
									 *_t263 = 0;
									E00354838(_t378, 0x1cc,  &_v540, 0);
									_t247 = _v20;
									__eflags = 0 - _t247;
									 *_t378 = _t350;
									_t263[2] = _t247;
									asm("sbb ecx, ecx");
									__eflags =  ~0x00000000;
									 *_t263 = 0xbadbae;
									return _v12;
								} else {
									_t14 =  &(_t263[1]); // 0x4
									_t352 = _t14;
									_v544 = 0;
									 *_t263 = 0;
									E00354838(_t352, 0x1cc,  &_v540, 0);
									_t256 = _t263[1];
									_t330 = _t256 % _v44;
									__eflags = 0 - _t330;
									 *_t352 = _t330;
									asm("sbb ecx, ecx");
									__eflags = 0;
									 *_t263 =  ~0x00000000;
									return _t256 / _v44;
								}
							} else {
								_t9 =  &(_t263[1]); // 0x4
								_v544 = _t198;
								 *_t263 = _t198;
								E00354838(_t9, 0x1cc,  &_v540, _t198);
								__eflags = 0;
								return _t263[1];
							}
						}
					} else {
						__eflags = 0;
						return 0;
					}
				} else {
					return _t197;
				}
			}

Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: b3bc1c15130d0d66157c74479ed2bbe38881ad10dc23679ec29cbd21b38578b5
  • Instruction ID: 37ed0821f8cb20589f9369bb99be1f85fc6c79d009eddda5a3d7f0acf6f96325
  • Opcode Fuzzy Hash: b3bc1c15130d0d66157c74479ed2bbe38881ad10dc23679ec29cbd21b38578b5
  • Instruction Fuzzy Hash: 02024D71E002199FDF19CFA9C880AADB7F5EF49319F258269D819EB354D730AD45CB80
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0036512D(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed int _t195;
				signed int _t199;
				signed int _t202;
				void* _t203;
				void* _t206;
				signed int _t209;
				void* _t210;
				signed int _t225;
				unsigned int* _t240;
				signed char _t242;
				signed int* _t250;
				unsigned int* _t256;
				signed int* _t257;
				signed char _t259;
				long _t262;
				signed int* _t265;

				 *(_a4 + 4) = 0;
				_t262 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t242 = _a12;
				if((_t242 & 0x00000010) != 0) {
					_t262 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t242 & 0x00000002) != 0) {
					_t262 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t242 & 0x00000001) != 0) {
					_t262 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t242 & 0x00000004) != 0) {
					_t262 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t242 & 0x00000008) != 0) {
					_t262 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t265 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 +  *_t265) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t265 >> 5) ^  *(_a4 + 8)) & 1;
				_t259 = E003655FF(_a4);
				if((_t259 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t259 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t259 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t259 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t259 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t265 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffd | 1;
						L26:
						 *_t257 = _t225;
						L29:
						_t175 =  *_t265 & 0x00000300;
						if(_t175 == 0) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffeb | 0x00000008;
							L35:
							 *_t250 = _t178;
							L36:
							_t179 = _a4;
							_t254 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t254 = _a4;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t240;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t240 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t240;
							}
							E00365565(_t254);
							RaiseException(_t262, 0, 1,  &_a4);
							_t256 = _a4;
							if((_t256[2] & 0x00000010) != 0) {
								 *_t265 =  *_t265 & 0xfffffffe;
							}
							if((_t256[2] & 0x00000008) != 0) {
								 *_t265 =  *_t265 & 0xfffffffb;
							}
							if((_t256[2] & 0x00000004) != 0) {
								 *_t265 =  *_t265 & 0xfffffff7;
							}
							if((_t256[2] & 0x00000002) != 0) {
								 *_t265 =  *_t265 & 0xffffffef;
							}
							if((_t256[2] & 0x00000001) != 0) {
								 *_t265 =  *_t265 & 0xffffffdf;
							}
							_t195 =  *_t256 & 0x00000003;
							if(_t195 == 0) {
								 *_t265 =  *_t265 & 0xfffff3ff;
							} else {
								_t206 = _t195 - 1;
								if(_t206 == 0) {
									_t209 =  *_t265 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t265 = _t209;
									L58:
									_t199 =  *_t256 >> 0x00000002 & 0x00000007;
									if(_t199 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t265 = _t202;
										L65:
										if(_a28 == 0) {
											 *_t240 = _t256[0x14];
										} else {
											 *_t240 = _t256[0x14];
										}
										return _t202;
									}
									_t203 = _t199 - 1;
									if(_t203 == 0) {
										_t202 =  *_t265 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t202 = _t203 - 1;
									if(_t202 == 0) {
										 *_t265 =  *_t265 & 0xfffff3ff;
									}
									goto L65;
								}
								_t210 = _t206 - 1;
								if(_t210 == 0) {
									_t209 =  *_t265 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t210 == 1) {
									 *_t265 =  *_t265 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t250 = _a4;
							_t178 =  *_t250 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t257 = _a4;
						_t225 =  *_t257 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}

APIs
  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00365128,?,?,00000008,?,?,0036E7E6,00000000), ref: 0036535A
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ExceptionRaise
  • String ID:
  • API String ID: 3997070919-0
  • Opcode ID: 895d8f96c07cb0602eba3d7820ccebb1bc4932195566062263b6e3261ea688ba
  • Instruction ID: 455b32996c47b8fe0e94bc955b61a869a805132f32d66670d1f52af4e1722878
  • Opcode Fuzzy Hash: 895d8f96c07cb0602eba3d7820ccebb1bc4932195566062263b6e3261ea688ba
  • Instruction Fuzzy Hash: 0DB18135610A08DFD716CF28C48AB657BE0FF05364F26C668E89ACF2A5C375E991CB40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 91%
			E0036A717(void* __ecx, void* __edx, signed int* _a4) {
				void* __ebx;
				void* __ebp;
				intOrPtr _t26;
				intOrPtr _t29;
				signed int _t32;
				signed char _t33;
				signed char _t34;
				void* _t36;
				intOrPtr* _t39;
				intOrPtr* _t42;
				signed int _t48;
				void* _t51;
				void* _t52;
				signed int* _t53;
				void* _t54;
				signed int _t62;

				_t54 = E0036098D(_t36, __ecx, __edx);
				_t48 = 2;
				_t39 =  *((intOrPtr*)(_t54 + 0x50));
				_t51 = _t39 + 2;
				do {
					_t26 =  *_t39;
					_t39 = _t39 + _t48;
				} while (_t26 != 0);
				_t42 =  *((intOrPtr*)(_t54 + 0x54));
				 *(_t54 + 0x60) = 0 | _t39 - _t51 >> 0x00000001 == 0x00000003;
				_t52 = _t42 + 2;
				do {
					_t29 =  *_t42;
					_t42 = _t42 + _t48;
				} while (_t29 != 0);
				_t53 = _a4;
				 *(_t54 + 0x64) = 0 | _t42 - _t52 >> 0x00000001 == 0x00000003;
				_t53[1] = 0;
				if( *(_t54 + 0x60) == 0) {
					_t48 = E0036A813( *((intOrPtr*)(_t54 + 0x50)));
				}
				 *(_t54 + 0x5c) = _t48;
				_t32 = EnumSystemLocalesW(0x36a83f, 1);
				_t62 =  *_t53 & 0x00000007;
				asm("bt ecx, 0x9");
				_t33 = _t32 & 0xffffff00 | _t62 > 0x00000000;
				asm("bt ecx, 0x8");
				_t34 = _t33 & 0xffffff00 | _t62 > 0x00000000;
				if((_t34 & (_t48 & 0xffffff00 | _t62 != 0x00000000) & _t33) == 0) {
					 *_t53 = 0;
					return _t34;
				}
				return _t34;
			}

APIs
    • Part of subcall function 0036098D: GetLastError.KERNEL32(?,00000000,0034D338,00000000,?,?,00367A5E,?,00000020,?,?,?,0035D143,?,UTF-8,00000005), ref: 00360991
    • Part of subcall function 0036098D: _free.LIBCMT ref: 003609C4
    • Part of subcall function 0036098D: SetLastError.KERNEL32(00000000,00000020,?,?,?,0035D143,?,UTF-8,00000005,?,0019E626,00000000,00356348,?,?,0019E626), ref: 00360A05
    • Part of subcall function 0036098D: _abort.LIBCMT ref: 00360A0B
  • EnumSystemLocalesW.KERNEL32(0036A83F,00000001,00000000,?,0035E8F8,?,0036AE6C,00000000,?,?,?), ref: 0036A789
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast$EnumLocalesSystem_abort_free
  • String ID:
  • API String ID: 1084509184-0
  • Opcode ID: 976eab04db1259764d61c432328d419042eda62f879426e087f1c81b7a7a7115
  • Instruction ID: e5dc1a2633b4844904e3d9dcf1c7f9ed948f1520b754df0493ceef77057dc3ad
  • Opcode Fuzzy Hash: 976eab04db1259764d61c432328d419042eda62f879426e087f1c81b7a7a7115
  • Instruction Fuzzy Hash: 5E114C372007015FDB189F78C8916BABBA2FF80358B15842DE94757744D771B903CB40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0036A7B2(void* __ecx, void* __edx, signed char* _a4) {
				void* __ebx;
				void* __ebp;
				intOrPtr _t11;
				signed int _t13;
				signed char* _t15;
				void* _t17;
				intOrPtr* _t20;
				intOrPtr _t25;
				void* _t26;
				void* _t27;

				_t27 = E0036098D(_t17, __ecx, __edx);
				_t25 = 2;
				_t20 =  *((intOrPtr*)(_t27 + 0x50));
				_t26 = _t20 + 2;
				do {
					_t11 =  *_t20;
					_t20 = _t20 + _t25;
				} while (_t11 != 0);
				_t13 = 0 | _t20 - _t26 >> 0x00000001 == 0x00000003;
				 *(_t27 + 0x60) = _t13;
				if(_t13 == 0) {
					_t25 = E0036A813( *((intOrPtr*)(_t27 + 0x50)));
				}
				 *((intOrPtr*)(_t27 + 0x5c)) = _t25;
				EnumSystemLocalesW(0x36aa8f, 1);
				_t15 = _a4;
				if(( *_t15 & 0x00000004) == 0) {
					 *_t15 = 0;
					return _t15;
				}
				return _t15;
			}

APIs
    • Part of subcall function 0036098D: GetLastError.KERNEL32(?,00000000,0034D338,00000000,?,?,00367A5E,?,00000020,?,?,?,0035D143,?,UTF-8,00000005), ref: 00360991
    • Part of subcall function 0036098D: _free.LIBCMT ref: 003609C4
    • Part of subcall function 0036098D: SetLastError.KERNEL32(00000000,00000020,?,?,?,0035D143,?,UTF-8,00000005,?,0019E626,00000000,00356348,?,?,0019E626), ref: 00360A05
    • Part of subcall function 0036098D: _abort.LIBCMT ref: 00360A0B
  • EnumSystemLocalesW.KERNEL32(0036AA8F,00000001,00000000,?,0035E8F8,?,0036AE30,0035E8F8,?,?,?,?,?,0035E8F8,?,?), ref: 0036A7FE
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast$EnumLocalesSystem_abort_free
  • String ID:
  • API String ID: 1084509184-0
  • Opcode ID: 7b827a61336b851842f15941174ad46cbd6a383a2c0bd0e7bdd3532998637508
  • Instruction ID: 2aeabe92733bb7de0c60419ea086d888b47d4f2e33f578ee5885abe8ce94ec4a
  • Opcode Fuzzy Hash: 7b827a61336b851842f15941174ad46cbd6a383a2c0bd0e7bdd3532998637508
  • Instruction Fuzzy Hash: EBF022322007055FDB266F79C881A7ABB95EF80728B05842DF9069B644D771AC02CB40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 66%
			E00360B7C(void* __eflags) {
				int _t15;
				void* _t28;

				_push(0xc);
				_push(0x409210);
				E00345640();
				 *(_t28 - 0x1c) =  *(_t28 - 0x1c) & 0x00000000;
				E0035F9AB( *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)))));
				 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
				 *0x422218 = E00360C28( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t28 + 0xc)))))));
				_t15 = EnumSystemLocalesW(0x360b36, 1);
				_push(0x20);
				asm("ror eax, cl");
				 *0x422218 = 0 ^  *0x414f64;
				 *(_t28 - 0x1c) = _t15;
				 *(_t28 - 4) = 0xfffffffe;
				E00360BF4();
				return E00345686();
			}

APIs
    • Part of subcall function 0035F9AB: EnterCriticalSection.KERNEL32(-00422008,?,0035F426,00000000,00409150,0000000C), ref: 0035F9BA
  • EnumSystemLocalesW.KERNEL32(00360B36,00000001,00409210,0000000C), ref: 00360BB4
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmpDownload File
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: CriticalEnterEnumLocalesSectionSystem
  • String ID:
  • API String ID: 1272433827-0
  • Opcode ID: d9a908cf71040158887fc595a1c918e81eb94b777f4d0e4c05045c28b1c15765
  • Instruction ID: 01721b26a042d9ee6b98eda438dbd9931d21d315976c12802f324c8aa096ef3a
  • Opcode Fuzzy Hash: d9a908cf71040158887fc595a1c918e81eb94b777f4d0e4c05045c28b1c15765
  • Instruction Fuzzy Hash: B6F04F32A50300EFDB15EFA8D946B9D37E0AB48720F508569F410DF2A2C7B58941CB49
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0036A6CC(void* __ecx, void* __edx, signed char* _a4) {
				void* __ebp;
				intOrPtr _t9;
				signed char* _t13;
				void* _t14;
				intOrPtr* _t16;
				void* _t20;
				void* _t22;

				_t20 = E0036098D(_t14, __ecx, __edx);
				_t16 =  *((intOrPtr*)(_t20 + 0x54));
				_t22 = _t16 + 2;
				do {
					_t9 =  *_t16;
					_t16 = _t16 + 2;
				} while (_t9 != 0);
				 *(_t20 + 0x64) = 0 | _t16 - _t22 >> 0x00000001 == 0x00000003;
				EnumSystemLocalesW(0x36a623, 1);
				_t13 = _a4;
				if(( *_t13 & 0x00000004) == 0) {
					 *_t13 = 0;
					return _t13;
				}
				return _t13;
			}

APIs
    • Part of subcall function 0036098D: GetLastError.KERNEL32(?,00000000,0034D338,00000000,?,?,00367A5E,?,00000020,?,?,?,0035D143,?,UTF-8,00000005), ref: 00360991
    • Part of subcall function 0036098D: _free.LIBCMT ref: 003609C4
    • Part of subcall function 0036098D: SetLastError.KERNEL32(00000000,00000020,?,?,?,0035D143,?,UTF-8,00000005,?,0019E626,00000000,00356348,?,?,0019E626), ref: 00360A05
    • Part of subcall function 0036098D: _abort.LIBCMT ref: 00360A0B
  • EnumSystemLocalesW.KERNEL32(0036A623,00000001,00000000,?,?,0036AE8E,0035E8F8,?,?,?,?,?,0035E8F8,?,?,?), ref: 0036A703
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast$EnumLocalesSystem_abort_free
  • String ID:
  • API String ID: 1084509184-0
  • Opcode ID: cbb3d6241dada5e9cfe499cc17c01b6eabc3837c23977db64bd03e26627a9b48
  • Instruction ID: 233c5cc274f8ee6a68d7d9bd676f22c1ec3d9add16cf7991246991b41856ccb2
  • Opcode Fuzzy Hash: cbb3d6241dada5e9cfe499cc17c01b6eabc3837c23977db64bd03e26627a9b48
  • Instruction Fuzzy Hash: 09F0553A70020557CB169F35D8457AABFA4EFC1710F0B8099EA098B250C3B19C42CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 88%
			E0034EFF0(void* __ecx) {
				char _v6;
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t49;
				signed int _t50;
				void* _t51;
				signed char _t54;
				signed char _t56;
				signed int _t57;
				signed int _t58;
				signed char _t67;
				signed char _t69;
				signed char _t71;
				signed char _t80;
				signed char _t82;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed char _t92;
				void* _t95;
				intOrPtr _t100;
				unsigned int _t102;
				signed char _t104;
				void* _t112;
				unsigned int _t113;
				void* _t114;
				signed int _t115;
				signed int* _t116;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t124;
				void* _t125;

				_push(__ecx);
				_t119 = __ecx;
				_t92 = 1;
				_t49 =  *((char*)(__ecx + 0x31));
				_t124 = _t49 - 0x64;
				if(_t124 > 0) {
					__eflags = _t49 - 0x70;
					if(__eflags > 0) {
						_t50 = _t49 - 0x73;
						__eflags = _t50;
						if(_t50 == 0) {
							L9:
							_t51 = E0034FBDE(_t119);
							L10:
							if(_t51 != 0) {
								__eflags =  *((char*)(_t119 + 0x30));
								if( *((char*)(_t119 + 0x30)) == 0) {
									_t113 =  *(_t119 + 0x20);
									_push(_t114);
									_v8 = 0;
									_t115 = 0;
									_v6 = 0;
									_t54 = _t113 >> 4;
									__eflags = _t92 & _t54;
									if((_t92 & _t54) == 0) {
										L46:
										_t100 =  *((intOrPtr*)(_t119 + 0x31));
										__eflags = _t100 - 0x78;
										if(_t100 == 0x78) {
											L48:
											_t56 = _t113 >> 5;
											__eflags = _t92 & _t56;
											if((_t92 & _t56) != 0) {
												L50:
												__eflags = _t100 - 0x61;
												if(_t100 == 0x61) {
													L53:
													_t57 = 1;
													L54:
													__eflags = _t92;
													if(_t92 != 0) {
														L56:
														 *((char*)(_t121 + _t115 - 4)) = 0x30;
														__eflags = _t100 - 0x58;
														if(_t100 == 0x58) {
															L59:
															_t58 = 1;
															L60:
															__eflags = _t58;
															 *((char*)(_t121 + _t115 - 3)) = ((_t58 & 0xffffff00 | _t58 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
															_t115 = _t115 + 2;
															__eflags = _t115;
															L61:
															_t95 =  *((intOrPtr*)(_t119 + 0x24)) -  *((intOrPtr*)(_t119 + 0x38)) - _t115;
															__eflags = _t113 & 0x0000000c;
															if((_t113 & 0x0000000c) == 0) {
																E0034E29D(_t119 + 0x448, 0x20, _t95, _t119 + 0x18);
																_t122 = _t122 + 0x10;
															}
															E0034FEE0(_t119 + 0x448,  &_v8, _t115, _t119 + 0x18,  *((intOrPtr*)(_t119 + 0xc)));
															_t102 =  *(_t119 + 0x20);
															_t116 = _t119 + 0x18;
															_t67 = _t102 >> 3;
															__eflags = _t67 & 0x00000001;
															if((_t67 & 0x00000001) != 0) {
																_t104 = _t102 >> 2;
																__eflags = _t104 & 0x00000001;
																if((_t104 & 0x00000001) == 0) {
																	E0034E29D(_t119 + 0x448, 0x30, _t95, _t116);
																	_t122 = _t122 + 0x10;
																}
															}
															E0034FDAE(_t95, _t119, _t116, _t119, 0);
															__eflags =  *_t116;
															if( *_t116 >= 0) {
																_t71 =  *(_t119 + 0x20) >> 2;
																__eflags = _t71 & 0x00000001;
																if((_t71 & 0x00000001) != 0) {
																	E0034E29D(_t119 + 0x448, 0x20, _t95, _t116);
																}
															}
															_t69 = 1;
															L70:
															return _t69;
														}
														__eflags = _t100 - 0x41;
														if(_t100 == 0x41) {
															goto L59;
														}
														_t58 = 0;
														goto L60;
													}
													__eflags = _t57;
													if(_t57 == 0) {
														goto L61;
													}
													goto L56;
												}
												__eflags = _t100 - 0x41;
												if(_t100 == 0x41) {
													goto L53;
												}
												_t57 = 0;
												goto L54;
											}
											L49:
											_t92 = 0;
											__eflags = 0;
											goto L50;
										}
										__eflags = _t100 - 0x58;
										if(_t100 != 0x58) {
											goto L49;
										}
										goto L48;
									}
									_t80 = _t113 >> 6;
									__eflags = _t92 & _t80;
									if((_t92 & _t80) == 0) {
										__eflags = _t92 & _t113;
										if((_t92 & _t113) == 0) {
											_t82 = _t113 >> 1;
											__eflags = _t92 & _t82;
											if((_t92 & _t82) == 0) {
												goto L46;
											}
											_v8 = 0x20;
											L45:
											_t115 = _t92;
											goto L46;
										}
										_v8 = 0x2b;
										goto L45;
									}
									_v8 = 0x2d;
									goto L45;
								}
								_t69 = _t92;
								goto L70;
							}
							L11:
							_t69 = 0;
							goto L70;
						}
						_t84 = _t50;
						__eflags = _t84;
						if(__eflags == 0) {
							L28:
							_push(0);
							_push(0xa);
							L29:
							_t51 = E0034F9E9(_t119, _t114, __eflags);
							goto L10;
						}
						__eflags = _t84 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t51 = E0034FBC6(__ecx);
						goto L10;
					}
					__eflags = _t49 - 0x67;
					if(_t49 <= 0x67) {
						L30:
						_t51 = E0034F5F5(_t92, _t119, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x69;
					if(_t49 == 0x69) {
						L27:
						_t2 = _t119 + 0x20;
						 *_t2 =  *(_t119 + 0x20) | 0x00000010;
						__eflags =  *_t2;
						goto L28;
					}
					__eflags = _t49 - 0x6e;
					if(_t49 == 0x6e) {
						_t51 = E0034FB33(__ecx, _t112);
						goto L10;
					}
					__eflags = _t49 - 0x6f;
					if(_t49 != 0x6f) {
						goto L11;
					}
					_t51 = E0034FBA7(__ecx);
					goto L10;
				}
				if(_t124 == 0) {
					goto L27;
				}
				_t125 = _t49 - 0x58;
				if(_t125 > 0) {
					_t86 = _t49 - 0x5a;
					__eflags = _t86;
					if(_t86 == 0) {
						_t51 = E0034F52F(__ecx);
						goto L10;
					}
					_t87 = _t86 - 7;
					__eflags = _t87;
					if(_t87 == 0) {
						goto L30;
					}
					__eflags = _t87;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t51 = E0034F8C1(_t92, _t119, __eflags, 0);
					goto L10;
				}
				if(_t125 == 0) {
					_push(1);
					goto L13;
				}
				if(_t49 == 0x41) {
					goto L30;
				}
				if(_t49 == 0x43) {
					goto L17;
				}
				if(_t49 <= 0x44) {
					goto L11;
				}
				if(_t49 <= 0x47) {
					goto L30;
				}
				if(_t49 != 0x53) {
					goto L11;
				}
				goto L9;
			}

Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID: 0
  • API String ID: 0-4108050209
  • Opcode ID: 3502884033f333171cc44c52fa7edd7ba3bc56472306bf322e2f9cb9de3014fd
  • Instruction ID: d2e4c373c1bc21e0de7da0bd992cbd560652283f430299f3c216e7475b97f80f
  • Opcode Fuzzy Hash: 3502884033f333171cc44c52fa7edd7ba3bc56472306bf322e2f9cb9de3014fd
  • Instruction Fuzzy Hash: D151AA71600A499FDF378968C956BBF37C9AB92344F1D093AD882CF683C605FD468356
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 83%
			E0034F21F(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _t52;
				signed int _t54;
				signed int _t55;
				void* _t56;
				signed char _t60;
				signed char _t62;
				signed int _t64;
				void* _t65;
				signed int _t66;
				signed char _t75;
				signed char _t78;
				void* _t86;
				void* _t88;
				signed char _t90;
				signed char _t92;
				signed int _t93;
				signed int _t96;
				signed int _t98;
				signed int _t99;
				signed int _t103;
				signed int* _t104;
				void* _t106;
				signed int _t112;
				unsigned int _t114;
				signed char _t116;
				void* _t124;
				unsigned int _t125;
				void* _t126;
				signed int _t127;
				short _t128;
				void* _t131;
				void* _t133;
				void* _t135;
				signed int _t136;
				void* _t137;
				void* _t139;
				void* _t140;

				_t126 = __edi;
				_t52 =  *0x414f64; // 0x48591883
				_v8 = _t52 ^ _t136;
				_t135 = __ecx;
				_t103 = 0;
				_t124 = 0x41;
				_t54 =  *(__ecx + 0x32) & 0x0000ffff;
				_t106 = 0x58;
				_t139 = _t54 - 0x64;
				if(_t139 > 0) {
					__eflags = _t54 - 0x70;
					if(__eflags > 0) {
						_t55 = _t54 - 0x73;
						__eflags = _t55;
						if(_t55 == 0) {
							L9:
							_t56 = E0034FC51(_t135);
							L10:
							if(_t56 != 0) {
								__eflags =  *((intOrPtr*)(_t135 + 0x30)) - _t103;
								if( *((intOrPtr*)(_t135 + 0x30)) != _t103) {
									L71:
									L72:
									return E00344CC8(_v8 ^ _t136);
								}
								_t125 =  *(_t135 + 0x20);
								_push(_t126);
								_v16 = _t103;
								_t60 = _t125 >> 4;
								_v12 = _t103;
								_t127 = 0x20;
								__eflags = 1 & _t60;
								if((1 & _t60) == 0) {
									L46:
									_t112 =  *(_t135 + 0x32) & 0x0000ffff;
									__eflags = _t112 - 0x78;
									if(_t112 == 0x78) {
										L48:
										_t62 = _t125 >> 5;
										__eflags = _t62 & 0x00000001;
										if((_t62 & 0x00000001) == 0) {
											L50:
											__eflags = 0;
											L51:
											__eflags = _t112 - 0x61;
											if(_t112 == 0x61) {
												L54:
												_t64 = 1;
												L55:
												_t128 = 0x30;
												__eflags = _t64;
												if(_t64 != 0) {
													L57:
													_t65 = 0x58;
													 *((short*)(_t136 + _t103 * 2 - 0xc)) = _t128;
													__eflags = _t112 - _t65;
													if(_t112 == _t65) {
														L60:
														_t66 = 1;
														L61:
														__eflags = _t66;
														asm("cbw");
														 *((short*)(_t136 + _t103 * 2 - 0xa)) = ((_t66 & 0xffffff00 | _t66 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x78;
														_t103 = _t103 + 2;
														__eflags = _t103;
														L62:
														_t131 =  *((intOrPtr*)(_t135 + 0x24)) -  *((intOrPtr*)(_t135 + 0x38)) - _t103;
														__eflags = _t125 & 0x0000000c;
														if((_t125 & 0x0000000c) == 0) {
															E0034E2C9(_t135 + 0x448, 0x20, _t131, _t135 + 0x18);
															_t137 = _t137 + 0x10;
														}
														E0034FF73(_t135 + 0x448,  &_v16, _t103, _t135 + 0x18,  *((intOrPtr*)(_t135 + 0xc)));
														_t114 =  *(_t135 + 0x20);
														_t104 = _t135 + 0x18;
														_t75 = _t114 >> 3;
														__eflags = _t75 & 0x00000001;
														if((_t75 & 0x00000001) != 0) {
															_t116 = _t114 >> 2;
															__eflags = _t116 & 0x00000001;
															if((_t116 & 0x00000001) == 0) {
																E0034E2C9(_t135 + 0x448, 0x30, _t131, _t104);
																_t137 = _t137 + 0x10;
															}
														}
														E0034FE55(_t135, 0);
														__eflags =  *_t104;
														if( *_t104 >= 0) {
															_t78 =  *(_t135 + 0x20) >> 2;
															__eflags = _t78 & 0x00000001;
															if((_t78 & 0x00000001) != 0) {
																E0034E2C9(_t135 + 0x448, 0x20, _t131, _t104);
															}
														}
														goto L71;
													}
													_t86 = 0x41;
													__eflags = _t112 - _t86;
													if(_t112 == _t86) {
														goto L60;
													}
													_t66 = 0;
													goto L61;
												}
												__eflags = _t64;
												if(_t64 == 0) {
													goto L62;
												}
												goto L57;
											}
											_t133 = 0x41;
											__eflags = _t112 - _t133;
											if(_t112 == _t133) {
												goto L54;
											}
											_t64 = 0;
											goto L55;
										}
										goto L51;
									}
									_t88 = 0x58;
									__eflags = _t112 - _t88;
									if(_t112 != _t88) {
										goto L50;
									}
									goto L48;
								}
								_t90 = _t125 >> 6;
								__eflags = 1 & _t90;
								if((1 & _t90) == 0) {
									__eflags = 1 & _t125;
									if((1 & _t125) == 0) {
										_t92 = _t125 >> 1;
										__eflags = 1 & _t92;
										if((1 & _t92) == 0) {
											goto L46;
										}
										_v16 = _t127;
										L45:
										_t103 = 1;
										goto L46;
									}
									_push(0x2b);
									L40:
									_pop(_t93);
									_v16 = _t93;
									goto L45;
								}
								_push(0x2d);
								goto L40;
							}
							L11:
							goto L72;
						}
						_t96 = _t55;
						__eflags = _t96;
						if(__eflags == 0) {
							L28:
							_push(_t103);
							_push(0xa);
							L29:
							_t56 = E0034F9E9(_t135, _t126, __eflags);
							goto L10;
						}
						__eflags = _t96 - 3;
						if(__eflags != 0) {
							goto L11;
						}
						_push(0);
						L13:
						_push(0x10);
						goto L29;
					}
					if(__eflags == 0) {
						_t56 = E0034FBC6(__ecx);
						goto L10;
					}
					__eflags = _t54 - 0x67;
					if(_t54 <= 0x67) {
						L30:
						_t56 = E0034F74F(_t103, _t135);
						goto L10;
					}
					__eflags = _t54 - 0x69;
					if(_t54 == 0x69) {
						L27:
						_t3 = _t135 + 0x20;
						 *_t3 =  *(_t135 + 0x20) | 0x00000010;
						__eflags =  *_t3;
						goto L28;
					}
					__eflags = _t54 - 0x6e;
					if(_t54 == 0x6e) {
						_t56 = E0034FB33(__ecx, _t124);
						goto L10;
					}
					__eflags = _t54 - 0x6f;
					if(_t54 != 0x6f) {
						goto L11;
					}
					_t56 = E0034FBA7(__ecx);
					goto L10;
				}
				if(_t139 == 0) {
					goto L27;
				}
				_t140 = _t54 - _t106;
				if(_t140 > 0) {
					_t98 = _t54 - 0x5a;
					__eflags = _t98;
					if(_t98 == 0) {
						_t56 = E0034F592(__ecx);
						goto L10;
					}
					_t99 = _t98 - 7;
					__eflags = _t99;
					if(_t99 == 0) {
						goto L30;
					}
					__eflags = _t99;
					if(__eflags != 0) {
						goto L11;
					}
					L17:
					_t56 = E0034F951(_t135, __eflags, _t103);
					goto L10;
				}
				if(_t140 == 0) {
					_push(1);
					goto L13;
				}
				if(_t54 == _t124) {
					goto L30;
				}
				if(_t54 == 0x43) {
					goto L17;
				}
				if(_t54 <= 0x44) {
					goto L11;
				}
				if(_t54 <= 0x47) {
					goto L30;
				}
				if(_t54 != 0x53) {
					goto L11;
				}
				goto L9;
			}

Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d6063fa6bde40fbdc8498602ceec6d3de7e1d44d0108d2eed70bf651d7259e0d
  • Instruction ID: 9fe5dbfc46c07eeb58a853cd1801e7e314a0fcbe93867282c6c92da2019b4320
  • Opcode Fuzzy Hash: d6063fa6bde40fbdc8498602ceec6d3de7e1d44d0108d2eed70bf651d7259e0d
  • Instruction Fuzzy Hash: 0D61653D6007086EDE7B5E688896BBE33D8EB06744F2D093AE842DF691D681FD428715
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_select), ref: 0015747C
  • ?SetSelectedImage@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(common/device_ico/unknow_device_selected.png), ref: 001574EB
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_synchro_selected.png), ref: 00157541
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_synchro_normal.png), ref: 00157555
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_selected.png), ref: 00157569
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_normal.png), ref: 0015757D
  • ?SetSelectedImage@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(common/device_ico/kb_device_selected.png), ref: 001575B7
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/kb_device_synchro_selected.png), ref: 0015760D
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/kb_device_synchro_normal.png), ref: 00157621
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/kb_device_selected.png), ref: 00157635
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/kb_device_normal.png), ref: 00157649
  • ?SetSelectedImage@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(common/device_ico/ms_device_selected.png), ref: 00157683
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/ms_device_synchro_selected.png), ref: 001576D9
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/ms_device_synchro_normal.png), ref: 001576ED
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/ms_device_selected.png), ref: 00157701
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/ms_device_normal.png), ref: 00157715
  • ?SetSelectedImage@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(common/device_ico/hard_mp_device_selected.png), ref: 0015775F
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/hard_mp_device_synchro_selected.png), ref: 001577B5
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/hard_mp_device_synchro_normal.png), ref: 001577C9
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/hard_mp_device_selected.png), ref: 001577DD
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/hard_mp_device_normal.png), ref: 001577F1
  • ?SetSelectedImage@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(common/device_ico/unknow_device_selected.png), ref: 00157B6B
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_synchro_selected.png), ref: 00157BC1
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_synchro_normal.png), ref: 00157BD5
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_selected.png), ref: 00157BE9
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_normal.png), ref: 00157BFD
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@V01@$Image@OptionSelected$Control$FindI@2@ManagerName@PaintV32@
  • String ID: common/device_ico/hard_mp_device_normal.png$common/device_ico/hard_mp_device_selected.png$common/device_ico/hard_mp_device_synchro_normal.png$common/device_ico/hard_mp_device_synchro_selected.png$common/device_ico/kb_device_normal.png$common/device_ico/kb_device_selected.png$common/device_ico/kb_device_synchro_normal.png$common/device_ico/kb_device_synchro_selected.png$common/device_ico/ms_device_normal.png$common/device_ico/ms_device_selected.png$common/device_ico/ms_device_synchro_normal.png$common/device_ico/ms_device_synchro_selected.png$common/device_ico/soft_mp_device_normal.png$common/device_ico/soft_mp_device_selected.png$common/device_ico/soft_mp_device_synchro_normal.png$common/device_ico/soft_mp_device_synchro_selected.png$common/device_ico/unknow_device_normal.png$common/device_ico/unknow_device_selected.png$common/device_ico/unknow_device_synchro_normal.png$common/device_ico/unknow_device_synchro_selected.png$device_select$hard_mp_device_name_text$kb_device_name_text$ms_device_name_text$soft_mp_device_name_text$unknow_device_name_text
  • API String ID: 1757596289-3612865239
  • Opcode ID: da7e36d5c4948ca5a843280fc216d2aa5be8edaf2c26bd42693b8e970bdd46b7
  • Instruction ID: 426cc10916b3f3f7d11f08f133e491e2f2339d4f3f39caa56b1a38b646698042
  • Opcode Fuzzy Hash: da7e36d5c4948ca5a843280fc216d2aa5be8edaf2c26bd42693b8e970bdd46b7
  • Instruction Fuzzy Hash: 21E19634604205EFD709DB94D995FECB3B2FB89300F2482ADE9569B395CB71AE41DB80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_layout), ref: 0015FDA6
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_function_combo), ref: 0015FDC4
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,key_butt_keydefalut), ref: 0015FDE2
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,key_butt_keysave), ref: 0015FE00
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,key_butt_keycancel), ref: 0015FE1E
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,key_butt_prosave), ref: 0015FE3C
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,function_switch_tablayout), ref: 0015FE5A
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mousekey_combo), ref: 0015FE78
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mouseswing_combo), ref: 0015FE96
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mouseswing_num_edit), ref: 0015FEB4
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mouseswing_delay_edit), ref: 0015FED2
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mouseswing_speed_edit), ref: 0015FEF0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mousewheel_combo), ref: 0015FF0E
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mousewheel_num_edit), ref: 0015FF2C
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mousewheel_delay_edit), ref: 0015FF4A
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mousewheel_speed_edit), ref: 0015FF68
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mousedpi_combo), ref: 0015FF86
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mousefire_interval_edit), ref: 0015FFA4
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_mousefire_num_edit), ref: 0015FFC2
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_keyboard_text_edit), ref: 0015FFE0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_media_combo), ref: 0015FFFE
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_system_combo), ref: 0016001C
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_macro_combo), ref: 0016003A
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_macro_over_combo), ref: 00160058
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_macro_cycle_layout), ref: 00160076
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_macro_cycle_edit), ref: 00160094
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_gunkey_combo), ref: 001600B2
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,keyset_combokey_combo), ref: 001600D0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Control$FindI@2@Lib@@ManagerName@PaintV32@
  • String ID: function_switch_tablayout$key_butt_keycancel$key_butt_keydefalut$key_butt_keysave$key_butt_prosave$keyset_combokey_combo$keyset_function_combo$keyset_gunkey_combo$keyset_keyboard_text_edit$keyset_layout$keyset_macro_combo$keyset_macro_cycle_edit$keyset_macro_cycle_layout$keyset_macro_over_combo$keyset_media_combo$keyset_mousedpi_combo$keyset_mousefire_interval_edit$keyset_mousefire_num_edit$keyset_mousekey_combo$keyset_mouseswing_combo$keyset_mouseswing_delay_edit$keyset_mouseswing_num_edit$keyset_mouseswing_speed_edit$keyset_mousewheel_combo$keyset_mousewheel_delay_edit$keyset_mousewheel_num_edit$keyset_mousewheel_speed_edit$keyset_system_combo
  • API String ID: 1102601444-1622877907
  • Opcode ID: 7a45a6f7fb8d35d3d988c84047f72b07f95f81be95ee054080214885610066ee
  • Instruction ID: 11fcce9a5bdd850c03631fdcdd860aa45347ea90d0b1b6ded832a9017d512c8d
  • Opcode Fuzzy Hash: 7a45a6f7fb8d35d3d988c84047f72b07f95f81be95ee054080214885610066ee
  • Instruction Fuzzy Hash: 0CB14478A00104FFDB45DF94DA95EADB7F6FB48300B2842A9E9469B351DB31AE41DF80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(ACROX,000000FF,48591883,?,003761CE,000000FF), ref: 001525DC
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(VS11K17A,000000FF,?,003761CE,000000FF), ref: 001525F5
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D3F6C,000000FF,?,003761CE,000000FF), ref: 0015260B
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D3F74,000000FF,?,003761CE,000000FF), ref: 00152621
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D3F7C,000000FF,?,003761CE,000000FF), ref: 00152637
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(ACROX,000000FF,?,003761CE,000000FF), ref: 0015266E
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(VS11K16A,000000FF,?,003761CE,000000FF), ref: 00152684
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D3FA0,000000FF,?,003761CE,000000FF), ref: 0015269A
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D3FA8,000000FF,?,003761CE,000000FF), ref: 001526B0
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D3FB0,000000FF,?,003761CE,000000FF), ref: 001526C6
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(ACROX,000000FF,?,003761CE,000000FF), ref: 001526FA
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(VS11K34A,000000FF,?,003761CE,000000FF), ref: 00152710
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(AK873,000000FF,?,003761CE,000000FF), ref: 00152726
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(AK873,000000FF,?,003761CE,000000FF), ref: 0015273C
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D3FEC,000000FF,?,003761CE,000000FF), ref: 00152752
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(ACROX,000000FF,?,003761CE,000000FF), ref: 00152786
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(ALL,000000FF,?,003761CE,000000FF), ref: 0015279C
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(AK873,000000FF,?,003761CE,000000FF), ref: 001527B2
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(AK873,000000FF,?,003761CE,000000FF), ref: 001527C8
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(V1.0.0.0,000000FF,?,003761CE,000000FF), ref: 001527DE
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: $CB$49B$<:B$ACROX$ACROX$ACROX$ACROX$AK873$AK873$AK873$AK873$ALL$D;B$V1.0.0.0$VS11K16A$VS11K17A$VS11K34A$X<B$`=B$t>B$|?B$=B
  • API String ID: 2284767783-2473668537
  • Opcode ID: c551c71a58ac0b5aa2c4d33719b1ca65fff55845841927741d51892fe00fb698
  • Instruction ID: 97b4b32708b76a29d1a37e17cd409cc991fe5a61c417c5bb5c5d777bbd9fa9cf
  • Opcode Fuzzy Hash: c551c71a58ac0b5aa2c4d33719b1ca65fff55845841927741d51892fe00fb698
  • Instruction Fuzzy Hash: 0B518E7070D396EBCB128B58BC0D7987A749789735F6483DAF431663E1CBBC0A449B16
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(XML\CustomControlXML\DeviceOption.xml,000000FF,48591883,?,00376072,000000FF), ref: 0015212E
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(tab_header_device,000000FF,?,00376072,000000FF), ref: 00152147
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(device_power_switch,000000FF,?,00376072,000000FF), ref: 0015215D
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(mouse,000000FF,?,00376072,000000FF), ref: 00152173
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(XML\CustomControlXML\DeviceOption.xml,000000FF,?,00376072,000000FF), ref: 001521DC
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(tab_header_device,000000FF,?,00376072,000000FF), ref: 001521F2
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(device_power_switch,000000FF,?,00376072,000000FF), ref: 00152208
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(keyboard,000000FF,?,00376072,000000FF), ref: 0015221E
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(XML\CustomControlXML\DeviceOption.xml,000000FF,?,00376072,000000FF), ref: 00152284
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(tab_header_device,000000FF,?,00376072,000000FF), ref: 0015229A
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(device_power_switch,000000FF,?,00376072,000000FF), ref: 001522B0
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(MousePad,000000FF,?,00376072,000000FF), ref: 001522C6
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(XML\CustomControlXML\DeviceOption.xml,000000FF,?,00376072,000000FF), ref: 0015232C
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(tab_header_device,000000FF,?,00376072,000000FF), ref: 00152342
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(device_power_switch,000000FF,?,00376072,000000FF), ref: 00152358
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D3DE0,000000FF,?,00376072,000000FF), ref: 0015236E
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: $4B$8.B$@/B$MousePad$XML\CustomControlXML\DeviceOption.xml$XML\CustomControlXML\DeviceOption.xml$XML\CustomControlXML\DeviceOption.xml$XML\CustomControlXML\DeviceOption.xml$device_power_switch$device_power_switch$device_power_switch$device_power_switch$h0B$keyboard$mouse$p1B$tab_header_device$tab_header_device$tab_header_device$tab_header_device$0B
  • API String ID: 2284767783-3037768626
  • Opcode ID: 676f51b33366c4ea07503b83c204da458a3c63dcd2188a08fb510bf9327b90e3
  • Instruction ID: 50de9980cc60e00f1ee67bc3a255cf92ed1143913b9d61f272935941649dfda4
  • Opcode Fuzzy Hash: 676f51b33366c4ea07503b83c204da458a3c63dcd2188a08fb510bf9327b90e3
  • Instruction Fuzzy Hash: 7F516B70709351EBD7229F54ED0C7987A74A74533AFA043AAE421273E1CBFD0B099B29
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0015E810(intOrPtr __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _t130;
				void* _t132;
				void* _t138;
				void* _t145;
				void* _t154;
				void* _t162;
				void* _t167;
				void* _t175;
				void* _t180;
				void* _t186;
				void* _t193;
				void* _t201;
				void* _t207;
				signed int _t278;

				_v8 = __ecx;
				E0015EF70(_v8, __eflags, _a4);
				E0015EF70(_a12, __eflags, _a16);
				_a8 = E0015EEC0(_v8, __eflags, _a4, _a8);
				_a20 = E0015EEC0(_a12, __eflags, _a16, _a20);
				if((_t278 | 0xffffffff) - _a20 <=  *((intOrPtr*)(E0015EF30(_v8))) - _a8) {
					E0015F060(_v8);
				}
				_v12 =  *((intOrPtr*)(E0015EF30(_v8))) - _a8 - _a4;
				_v16 =  *((intOrPtr*)(E0015EF30(_v8))) + _a20 - _a8;
				_t130 = E0015EF30(_v8);
				_t296 =  *_t130 - _v16;
				if( *_t130 < _v16) {
					E0015F4B0(_v8, _t296, _v16, 0);
				}
				if(_a20 != _a8) {
					__eflags = _v8 - _a12;
					if(_v8 == _a12) {
						__eflags = _a20 - _a8;
						if(_a20 >= _a8) {
							__eflags = _a16 - _a4;
							if(_a16 > _a4) {
								__eflags = _a4 + _a8 - _a16;
								if(_a4 + _a8 > _a16) {
									_t132 = E0015F5B0(_v8);
									E0015EFA0(_v8, E0015F5B0(_v8) + _a4, _t132 + _a16, _a8);
									_t138 = E0015F5B0(_v8);
									E0015EFA0(_v8, E0015F5B0(_v8) + _a4 + _a20, _t138 + _a4 + _a8, _v12);
									_t145 = E0015F5B0(_v8);
									__eflags = E0015F5B0(_v8) + _a4 + _a8;
									E0015EFA0(_v8, E0015F5B0(_v8) + _a4 + _a8, _t145 + _a16 + _a20, _a20 - _a8);
								} else {
									_t154 = E0015F5B0(_v8);
									E0015EFA0(_v8, E0015F5B0(_v8) + _a4 + _a20, _t154 + _a4 + _a8, _v12);
									_t162 = E0015F5B0(_v8);
									E0015EFA0(_v8, E0015F5B0(_v8) + _a4, _t162 + _a16 + _a20 - _a8, _a20);
								}
							} else {
								_t167 = E0015F5B0(_v8);
								E0015EFA0(_v8, E0015F5B0(_v8) + _a4 + _a20, _t167 + _a4 + _a8, _v12);
								_t175 = E0015F5B0(_v8);
								E0015EFA0(_v8, E0015F5B0(_v8) + _a4, _t175 + _a16, _a20);
							}
						} else {
							_t180 = E0015F5B0(_v8);
							E0015EFA0(_v8, E0015F5B0(_v8) + _a4, _t180 + _a16, _a20);
							_t186 = E0015F5B0(_v8);
							E0015EFA0(_v8, E0015F5B0(_v8) + _a4 + _a20, _t186 + _a4 + _a8, _v12);
						}
					} else {
						_t193 = E0015F5B0(_v8);
						E0015EFA0(_v8, E0015F5B0(_v8) + _a4 + _a20, _t193 + _a4 + _a8, _v12);
						_t201 = E0015F5B0(_a12);
						E0015F7B0(_v8, E0015F5B0(_v8) + _a4, _t201 + _a16, _a20);
					}
				} else {
					_t207 = E0015F5B0(_a12);
					E0015EFA0(_v8, E0015F5B0(_v8) + _a4, _t207 + _a16, _a20);
				}
				E0015F910(_v8, _v16);
				return _v8;
			}

APIs
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E8C9
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E8D5
  • char_traits.LIBCPMTD ref: 0015E8DE
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E8FA
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E909
  • char_traits.LIBCPMTD ref: 0015E915
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E924
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E930
  • char_traits.LIBCPMTD ref: 0015E939
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E955
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E961
  • char_traits.LIBCPMTD ref: 0015E96A
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E979
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E988
  • char_traits.LIBCPMTD ref: 0015E994
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
  • String ID:
  • API String ID: 1941806930-0
  • Opcode ID: 757b4ab78f6024e401b0883e5e54b1f78814763c8ac3e3c7111aef1347a2a1fa
  • Instruction ID: 4b4054ab7687877ee1a7b1fde4c8290f0f2c2f2600fbec25dcf2bf97c8cc5898
  • Opcode Fuzzy Hash: 757b4ab78f6024e401b0883e5e54b1f78814763c8ac3e3c7111aef1347a2a1fa
  • Instruction Fuzzy Hash: F1A1D876D1000CEFCB08EF94D992D9E77B5AF68345B148068FD299B252EB30AF55CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 62%
			E0015C9E0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v44;
				char _v68;
				char _v200;
				char _v332;
				char _v464;
				char _v596;
				char _v728;
				intOrPtr _v732;
				intOrPtr _v736;
				intOrPtr _v740;
				intOrPtr _v744;
				intOrPtr _v748;
				char* _v752;
				intOrPtr _v756;
				intOrPtr _v760;
				intOrPtr _v764;
				intOrPtr _v768;
				intOrPtr _v772;
				intOrPtr _v776;
				char _v800;
				intOrPtr _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _v816;
				intOrPtr _v820;
				intOrPtr _v824;
				intOrPtr _v828;
				intOrPtr _v832;
				intOrPtr _v836;
				intOrPtr _v840;
				intOrPtr _v844;
				intOrPtr _v848;
				intOrPtr _v852;
				intOrPtr _v856;
				char _v880;
				signed int _t136;
				signed int _t137;
				intOrPtr _t139;
				void* _t146;
				void* _t153;
				char* _t161;
				void* _t168;
				void* _t172;
				intOrPtr _t173;
				void* _t178;
				void* _t182;
				void* _t186;
				void* _t191;
				void* _t198;
				void* _t299;
				void* _t300;
				signed int _t301;
				void* _t302;
				void* _t303;
				intOrPtr _t304;
				intOrPtr _t305;
				intOrPtr _t307;
				intOrPtr _t308;
				intOrPtr _t309;
				void* _t314;

				_t314 = __fp0;
				_t300 = __esi;
				_t299 = __edi;
				_t198 = __ebx;
				_push(0xffffffff);
				_push(0x37179e);
				_push( *[fs:0x0]);
				_t303 = _t302 - 0x360;
				_t136 =  *0x414f64; // 0x48591883
				_t137 = _t136 ^ _t301;
				_v20 = _t137;
				_push(_t137);
				 *[fs:0x0] =  &_v16;
				_v732 = __ecx;
				_t139 = _v732;
				if( *((intOrPtr*)(_t139 + 0xab8)) == 0) {
					__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v732, L"device_profile_combo");
					 *((intOrPtr*)(_v732 + 0xab8)) = _t139;
				}
				if( *((intOrPtr*)(_v732 + 0xab8)) != 0) {
					__imp__??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z();
					_v8 = 0;
					_t304 = _t303 - 0x18;
					_v852 = _t304;
					_v848 = E0019E920(_t198, _v732 + 0xa98, _t299, _t300, __eflags, _t304,  &_v332);
					E00207520(_v732 + 0xa80,  &_v332);
					_t146 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v732 + 0xab8)) + 0x840)) + 8))))();
					E00208830(_v732 + 0xa80, "profilelist");
					L00207760(_t198, E00208830(E00208290(_t198, _t299, _t300, _t146), "profileUUID"), _t299, _t300, _t314,  &_v44);
					_v8 = 1;
					_t153 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v732 + 0xab8)) + 0x840)) + 8))))();
					E00208830(_v732 + 0xa80, "profilelist");
					L00207760(_t198, E00208830(E00208290(_t198, _t299, _t300, _t153), "profilename"), _t299, _t300, _t314,  &_v68);
					_v8 = 2;
					__imp__??0CDuiString@DuiLib@@QAE@XZ();
					_v8 = 3;
					_t305 = _t304 - 0x18;
					_v844 = _t305;
					_v840 = E0015F670(_t305,  &_v44);
					_v736 = E00198100(__eflags,  &_v728, L"ProfileList.ini");
					_v740 = _v736;
					_v8 = 4;
					__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z(_v740);
					_v8 = 3;
					__imp__??1CDuiString@DuiLib@@QAE@XZ();
					_t161 =  &_v200;
					__imp__??HCDuiString@DuiLib@@QBE?AV01@ABV01@@Z( &_v464, _t161);
					_v744 = _t161;
					_v748 = _v744;
					_v8 = 5;
					__imp__??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z(L".Json");
					_v752 =  &_v596;
					_v756 = _v752;
					_v8 = 6;
					__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
					_v8 = 5;
					__imp__??1CDuiString@DuiLib@@QAE@XZ();
					_v8 = 3;
					__imp__??1CDuiString@DuiLib@@QAE@XZ();
					E0019E920(_t198, _v732 + 0xa98, _t299, _t300, __eflags,  &_v800, _v732 + 0x974);
					_v8 = 7;
					_t307 = _t305 + 0x1c - 0x18;
					_v836 = _t307;
					_v760 = E00207140(_t307, _t300,  &_v68);
					_v856 = _v760;
					_v8 = 8;
					_t168 = E00208830( &_v800, "profilename");
					_v8 = 7;
					E00207520(_t168, _v756);
					_t308 = _t307 - 0x18;
					_v804 = _t308;
					_v764 = E00207140(_t308, _t300,  &_v44);
					_v808 = _v764;
					_v8 = 9;
					_t172 = E00208830( &_v800, "profileUUID");
					_v8 = 7;
					_t173 = E00207520(_t172,  &_v596);
					_v768 =  *((intOrPtr*)(_v732 + 0x868));
					__eflags = _v768 - 7;
					if(_v768 == 7) {
						__eflags = _v732 + 0xa98;
						E0019E920(_t198, _v732 + 0xa98, _t299, _t300, _v732 + 0xa98,  &_v880,  &_v200);
						_v8 = 0xa;
						E00208830( &_v880, "Device");
						_t178 = E00208830(E00208290(_t198, _t299, _t300, 0), "CustomEQNameInfo");
						_t309 = _t308 - 0x18;
						_v812 = _t309;
						_v772 = E00207200(_t178);
						_v816 = _v772;
						_v8 = 0xb;
						E00208830( &_v800, "Device");
						_t182 = E00208830(E00208290(_t198, _t299, _t300, 0), "CustomEQNameInfo");
						_v8 = 0xa;
						E00207520(_t182);
						E00208830( &_v880, "Device");
						_t186 = E00208830(E00208290(_t198, _t299, _t300, 0), "CustomEQHzValueInfo");
						_t308 = _t309 - 0x18;
						_v820 = _t308;
						_v776 = E00207200(_t186);
						_v824 = _v776;
						_v8 = 0xc;
						E00208830( &_v800, "Device");
						_t191 = E00208830(E00208290(_t198, _t299, _t300, 0), "CustomEQHzValueInfo");
						_v8 = 0xa;
						E00207520(_t191);
						_v8 = 7;
						_t173 = E002073E0( &_v880);
					}
					_v828 = _t308 - 0x84;
					__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z( &_v200,  &_v800);
					_v832 = _t173;
					__eflags = _v732 + 0xa98;
					L0019E820(_t198, _v732 + 0xa98, _t299, _t300, _v732 + 0xa98);
					_v8 = 3;
					E002073E0( &_v800);
					_v8 = 2;
					__imp__??1CDuiString@DuiLib@@QAE@XZ();
					_v8 = 1;
					E0015FA10();
					_v8 = 0;
					E0015FA10();
					_v8 = 0xffffffff;
					__imp__??1CDuiString@DuiLib@@QAE@XZ();
				}
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t301);
			}

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_profile_combo), ref: 0015CA35
  • ??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z.DUILIB(?,ProfileList.ini), ref: 0015CA73
    • Part of subcall function 0019E920: ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(00158AFA), ref: 0019E9A1
    • Part of subcall function 0019E920: ?GetData@CDuiString@DuiLib@@QBEPB_WXZ.DUILIB(?), ref: 0019E9D8
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(profilelist,00000000,?,?,?,?,?,?,?,48591883), ref: 0015CB85
    • Part of subcall function 00198100: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0019814E
    • Part of subcall function 00198100: _DebugHeapAllocator.LIBCPMTD ref: 00198186
    • Part of subcall function 00198100: ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(?,?,48591883), ref: 001981A0
    • Part of subcall function 00198100: ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(00000000,?,48591883), ref: 001981BC
    • Part of subcall function 00198100: ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?,?,48591883), ref: 001981CC
    • Part of subcall function 00198100: ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(?,48591883), ref: 001981EB
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?), ref: 0015CBDB
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015CBEB
  • ??HCDuiString@DuiLib@@QBE?AV01@ABV01@@Z.DUILIB(?,?), ref: 0015CC0B
  • ??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z.DUILIB(?,.Json), ref: 0015CC39
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?), ref: 0015CC62
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015CC72
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015CC82
    • Part of subcall function 00207140: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00207190
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?), ref: 0015CEA0
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015CED6
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015CF01
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$V01@V01@@$Control$AllocatorBase::Concurrency::details::Container_base12Container_base12::~_ContextData@DebugFindHeapI@2@IdentityManagerName@PaintQueueV32@Workstd::_
  • String ID: .Json$CustomEQHzValueInfo$CustomEQHzValueInfo$CustomEQNameInfo$CustomEQNameInfo$Device$Device$Device$Device$ProfileList.ini$device_profile_combo$profileUUID$profileUUID$profilelist$profilelist$profilename$profilename
  • API String ID: 4119391704-236367980
  • Opcode ID: e7b713f7bbdd271786ba86fedb52dc7042c1e8f3a199ceeb25c519e1d6568be4
  • Instruction ID: fadabd129af7142e5d63ac08dfb7741ca55676181587a3d7bbf53c13bd7dbe1c
  • Opcode Fuzzy Hash: e7b713f7bbdd271786ba86fedb52dc7042c1e8f3a199ceeb25c519e1d6568be4
  • Instruction Fuzzy Hash: EFE14930E103589BCB15EB64CC59BEEBBB4AB45304F4481E9E50AA7292DF342F84CF91
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 68%
			E00164C00(intOrPtr* __ecx, signed int _a4) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				intOrPtr* _v20;
				intOrPtr* _v24;
				intOrPtr* _v28;
				intOrPtr* _v32;
				intOrPtr* _v36;
				intOrPtr* _v40;
				intOrPtr* _v44;
				intOrPtr* _v48;
				signed int _v52;
				intOrPtr* _v56;
				intOrPtr* _v60;
				intOrPtr* _v64;
				intOrPtr* _v68;
				intOrPtr* _t611;
				intOrPtr* _t612;
				intOrPtr* _t613;
				intOrPtr* _t614;
				intOrPtr* _t615;
				intOrPtr* _t616;
				intOrPtr* _t617;
				intOrPtr* _t618;
				intOrPtr* _t619;

				_v36 = __ecx;
				_t611 = _v36;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t611, L"deng_7color_check");
				_v16 = _t611;
				_t612 = _v36;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v36, L"lighteffect_layout");
				_v12 = _t612;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v36, L"deng_color_layout");
				_v20 = _t612;
				_t613 = _v36;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t613, L"colorpallet_layout");
				_v24 = _t613;
				_t614 = _v36;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v36, L"deng_light_layout");
				_v28 = _t614;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v36, L"deng_speed_layout");
				_v8 = _t614;
				_t615 = _v36;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t615, L"deng_fx_layout");
				_v32 = _t615;
				_t616 = _v36;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v36, L"lightcustom_layout");
				_v56 = _t616;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v36, L"light_combo_ZZCCmodeSelectLayout");
				_v60 = _t616;
				_t617 = _v36;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t617, L"light_color_layout");
				_v40 = _t617;
				_t618 = _v36;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v36, L"light_combo_AudiomodeSelectLayout");
				_v64 = _t618;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v36, L"light_color_tablayout");
				_v68 = _t618;
				_t619 = _v36;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t619, L"deng_FXL_check");
				_v44 = _t619;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v36, L"deng_FXR_check");
				_v48 = _v36;
				 *((intOrPtr*)( *((intOrPtr*)( *_v56 + 0x118))))(0);
				E00164A90(_v36, 0);
				 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))(1);
				 *((intOrPtr*)( *((intOrPtr*)( *_v8 + 0x118))))(1);
				 *((intOrPtr*)( *((intOrPtr*)( *_v60 + 0x118))))(0);
				 *((intOrPtr*)( *((intOrPtr*)( *_v40 + 0x124))))(1);
				 *((intOrPtr*)( *((intOrPtr*)( *_v44 + 0x2c))))(L"light_set_right_to_left_text");
				 *((intOrPtr*)( *((intOrPtr*)( *_v48 + 0x2c))))(L"light_set_left_to_right_text");
				 *((intOrPtr*)( *((intOrPtr*)( *_v64 + 0x118))))(0);
				 *((intOrPtr*)( *((intOrPtr*)( *_v68 + 0x230))))(0);
				_v52 = _a4;
				_v52 = _v52 - 1;
				if(_v52 > 0x1d) {
					L23:
					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x124))))(1);
					 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))(0);
					return  *((intOrPtr*)( *((intOrPtr*)( *_v8 + 0x124))))(0);
				}
				switch( *((intOrPtr*)(_v52 * 4 +  &M00165AC4))) {
					case 0:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 1:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 2:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(L"light_set_clockwise_text");
						__ecx = _v44;
						__edx =  *_v44;
						__ecx = _v44;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						_push(L"light_set_anticlockwise_text");
						__ecx = _v48;
						__edx =  *_v48;
						__ecx = _v48;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						return  *((intOrPtr*)(__edx + 0x2c));
					case 3:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v40;
						__edx =  *_v40;
						__ecx = _v40;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v36;
						return E00164A90(_v36, 0);
					case 4:
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))();
						_push(0);
						 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v8 + 0x124))))();
						return E00164A90(_v36, 0);
					case 5:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v36;
						return E00164A90(_v36, 1);
					case 6:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 7:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 8:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 9:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v40;
						__edx =  *_v40;
						__ecx = _v40;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(L"light_set_down_to_up_text");
						__ecx = _v44;
						__edx =  *_v44;
						__ecx = _v44;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						_push(L"light_set_up_to_down_text");
						__ecx = _v48;
						__edx =  *_v48;
						__ecx = _v48;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						return  *((intOrPtr*)(__edx + 0x2c));
					case 0xa:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 0xb:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x118)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x118))))();
						_push(1);
						__ecx = _v60;
						__edx =  *_v60;
						__ecx = _v60;
						 *((intOrPtr*)(__edx + 0x118)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x118))))();
						_push(0);
						__ecx = _v40;
						__edx =  *_v40;
						__ecx = _v40;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 0xc:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v40;
						__edx =  *_v40;
						__ecx = _v40;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(L"light_set_outside_to_inside_text");
						__ecx = _v44;
						__edx =  *_v44;
						__ecx = _v44;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						_push(L"light_set_inside_to_outside_text");
						__ecx = _v48;
						__edx =  *_v48;
						__ecx = _v48;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						return  *((intOrPtr*)(__edx + 0x2c));
					case 0xd:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v56;
						__edx =  *_v56;
						__ecx = _v56;
						 *((intOrPtr*)(__edx + 0x118)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x118))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x118)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x118))))();
						return  *((intOrPtr*)(__edx + 0x118));
					case 0xe:
						goto L23;
					case 0xf:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(L"light_set_up_to_down_text");
						__ecx = _v44;
						__edx =  *_v44;
						__ecx = _v44;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						_push(L"light_set_down_to_up_text");
						__ecx = _v48;
						__edx =  *_v48;
						__ecx = _v48;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						return  *((intOrPtr*)(__edx + 0x2c));
					case 0x10:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(L"light_set_clockwise_text");
						__ecx = _v44;
						__edx =  *_v44;
						__ecx = _v44;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						_push(L"light_set_anticlockwise_text");
						__ecx = _v48;
						__edx =  *_v48;
						__ecx = _v48;
						 *((intOrPtr*)(__edx + 0x2c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x2c))))();
						return  *((intOrPtr*)(__edx + 0x2c));
					case 0x11:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v40;
						__edx =  *_v40;
						__ecx = _v40;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 0x12:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 0x13:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v36;
						return E00164A90(_v36, 1);
					case 0x14:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x118)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x118))))();
						_push(1);
						__ecx = _v64;
						__edx =  *_v64;
						__ecx = _v64;
						 *((intOrPtr*)(__edx + 0x118)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x118))))();
						_push(1);
						__ecx = _v68;
						__edx =  *_v68;
						__ecx = _v68;
						 *((intOrPtr*)(__edx + 0x230)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x230))))();
						return  *((intOrPtr*)(__edx + 0x230));
					case 0x15:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v8;
						__edx =  *_v8;
						__ecx = _v8;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v40;
						__edx =  *_v40;
						__ecx = _v40;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
				}
			}




























0x00165985
0x00165988
0x0016598a
0x00165993
0x00165995
0x00165997
0x0016599a
0x0016599c
0x001659a5
0x00000000
0x00000000
0x001659ac
0x001659ae
0x001659b1
0x001659b3
0x001659bc
0x001659be
0x001659c0
0x001659c3
0x001659c5
0x001659ce
0x001659d0
0x001659d2
0x001659d5
0x001659d7
0x001659e0
0x001659e2
0x001659e4
0x001659e7
0x001659e9
0x001659f2
0x001659f4
0x001659f6
0x001659f9
0x001659fb
0x00165a04
0x00165a06
0x00165a08
0x00165a0b
0x00165a0d
0x00165a16
0x00165a18
0x00165a1a
0x00165a1d
0x00165a1f
0x00165a28
0x00165a2a
0x00165a2c
0x00165a2f
0x00165a31
0x00165a3a
0x00000000
0x00000000

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_7color_check), ref: 00164C18
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,lighteffect_layout), ref: 00164C30
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_color_layout), ref: 00164C48
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,colorpallet_layout), ref: 00164C60
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_light_layout), ref: 00164C78
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_speed_layout), ref: 00164C90
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_fx_layout), ref: 00164CA8
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,lightcustom_layout), ref: 00164CC0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,light_combo_ZZCCmodeSelectLayout), ref: 00164CD8
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,light_color_layout), ref: 00164CF0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,light_combo_AudiomodeSelectLayout), ref: 00164D08
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,light_color_tablayout), ref: 00164D20
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_FXL_check), ref: 00164D38
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_FXR_check), ref: 00164D50
    • Part of subcall function 00164A90: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(00164D75,deng_same_mode), ref: 00164AB4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Control$FindI@2@Lib@@ManagerName@PaintV32@
  • String ID: colorpallet_layout$deng_7color_check$deng_FXL_check$deng_FXR_check$deng_color_layout$deng_fx_layout$deng_light_layout$deng_speed_layout$light_color_layout$light_color_tablayout$light_combo_AudiomodeSelectLayout$light_combo_ZZCCmodeSelectLayout$light_set_left_to_right_text$light_set_right_to_left_text$lightcustom_layout$lighteffect_layout
  • API String ID: 1102601444-2361324157
  • Opcode ID: 38b0f2e0a8e3177d3e0dd7ea641cb386aa7ed180dc3b8f4c2732c3cc38e29f36
  • Instruction ID: 02c52a2e62032d2d0b73521e605a956fe66629812381220160ab7c58bd1fe452
  • Opcode Fuzzy Hash: 38b0f2e0a8e3177d3e0dd7ea641cb386aa7ed180dc3b8f4c2732c3cc38e29f36
  • Instruction Fuzzy Hash: DEA18374A40218EFDB08DB94DD95EEDB7B2FB88700F144259E902AB3A1CA71AD41CF90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 22%
			E00160600(signed int __ecx, intOrPtr* _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v152;
				char _v284;
				char _v416;
				char _v548;
				char _v680;
				char _v812;
				char _v944;
				char _v1076;
				char _v1208;
				char _v1340;
				char _v1472;
				char _v1604;
				char _v1736;
				char _v1868;
				char _v2000;
				char _v2132;
				char _v2264;
				signed int _v2268;
				signed int _v2269;
				char _v2270;
				signed int _v2272;
				signed int _v2276;
				signed int _v2280;
				signed int _v2284;
				signed int _v2288;
				signed int _v2292;
				signed int _v2296;
				signed int _v2300;
				signed int _v2304;
				signed int _v2308;
				signed int _v2312;
				intOrPtr _v2316;
				signed int _v2320;
				intOrPtr* _v2324;
				signed int _v2328;
				intOrPtr _v2332;
				intOrPtr _v2336;
				intOrPtr _v2340;
				signed int _v2344;
				signed int _v2348;
				signed int _v2352;
				signed int _v2356;
				signed int _v2360;
				signed int _v2364;
				signed int _v2368;
				signed int _v2372;
				signed int _v2376;
				signed int _v2380;
				signed int _v2384;
				signed int _v2388;
				signed int _v2392;
				signed int _v2396;
				signed int _v2400;
				signed int _v2404;
				signed int _v2408;
				signed int _v2412;
				signed int _v2416;
				signed int _v2420;
				signed int _v2424;
				signed int _v2428;
				signed int _v2432;
				signed int _v2436;
				signed int _v2440;
				signed int _t370;
				signed int _t371;
				intOrPtr* _t385;
				intOrPtr* _t387;
				intOrPtr* _t389;
				intOrPtr* _t409;
				signed int _t427;

				_t370 =  *0x414f64; // 0x48591883
				_t371 = _t370 ^ _t427;
				_v20 = _t371;
				 *[fs:0x0] =  &_v16;
				_v2276 = __ecx;
				_v2320 = 0xffffffff;
				_v2320 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v2276 + 0x86c)) + 0x840)) + 8))))(_t371,  *[fs:0x0], 0x371aec, 0xffffffff);
				_v2324 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v2276 + 0x86c)) + 0x6f0))))))(_v2320);
				__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z( *((intOrPtr*)( *((intOrPtr*)( *_v2324 + 0x104))))());
				_v8 = 0;
				__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
				_v2440 = E0034D449( &_v680, _t382);
				_v2344 = _v2440;
				if(_v2344 > 0xb) {
					_t385 = _v2276 + 0x8e2;
					_v2272 =  *_t385;
					_v2268 =  *((intOrPtr*)(_t385 + 4));
					L39:
					_t387 = _v2276 + 0x8dc;
					 *_t387 = _v2272;
					 *((short*)(_t387 + 4)) = _v2268;
					_t389 = _v2276 + 0x8dc;
					_t409 = _a4;
					 *_t409 =  *_t389;
					 *((intOrPtr*)(_t409 + 4)) =  *((intOrPtr*)(_t389 + 4));
					 *((intOrPtr*)(_t409 + 8)) =  *((intOrPtr*)(_t389 + 8));
					_v8 = 0xffffffff;
					__imp__??1CDuiString@DuiLib@@QAE@XZ();
					 *[fs:0x0] = _v16;
					return E00344CC8(_v20 ^ _t427);
				}
				switch( *((intOrPtr*)(_v2344 * 4 +  &M001611C8))) {
					case 0:
						_t394 = _v2276 + 0x8e2;
						_v2272 =  *_t394;
						_v2268 =  *((intOrPtr*)(_t394 + 4));
						goto L39;
					case 1:
						__ecx = _v2276;
						_v2292 = E00162010(_v2276);
						__eax = _v2292 * 6;
						__cl =  *((intOrPtr*)(__eax + 0x415d7a));
						_v2270 =  *((intOrPtr*)(__eax + 0x415d7a));
						__edx = _v2292 * 6;
						__al =  *((intOrPtr*)(__edx + 0x415d7b));
						_v2269 =  *((intOrPtr*)(__edx + 0x415d7b));
						__ecx = _v2292 * 6;
						__dl =  *((intOrPtr*)(__ecx + 0x415d7c));
						_v2268 =  *((intOrPtr*)(__ecx + 0x415d7c));
						goto L39;
					case 2:
						_v2270 = 0x11;
						__ecx = _v2276;
						_v2340 = E00162070(_v2276);
						__ecx =  &_v284;
						__imp__??0CDuiString@DuiLib@@QAE@XZ();
						_v8 = 1;
						__eax =  &_v944;
						__ecx = _v2276;
						_v2436 = E001621E0(_v2276,  &_v944);
						__ecx = _v2436;
						_v2428 = _v2436;
						_v8 = 2;
						__edx = _v2428;
						_push(_v2428);
						__ecx =  &_v284;
						__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
						_v8 = 1;
						__ecx =  &_v944;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						__ecx =  &_v284;
						__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
						_v2284 = __eax;
						_v2284 = _v2284 & 0x0000000f;
						_v2284 = _v2284 & 0x0000000f;
						_v2284 = _v2284 << 4;
						_v2284 = _v2284 << 4;
						_v2284 = _v2284 & 0x000000f0;
						_v2284 = _v2284 & 0x000000f0;
						__al = _v2284;
						_v2269 = __al;
						__ecx =  &_v2264;
						__ecx = _v2276;
						_v2424 = E001622A0(_v2276,  &_v2264);
						__edx = _v2424;
						_v2420 = _v2424;
						_v8 = 3;
						__eax = _v2420;
						_push(_v2420);
						__ecx =  &_v284;
						__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
						_v8 = 1;
						__ecx =  &_v2264;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						__ecx =  &_v284;
						__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
						_v2284 = E0034D449( &_v284, _v2420);
						_v2284 = _v2284 & 0x0000000f;
						_v2284 = _v2284 & 0x0000000f;
						_v2269 & 0x000000ff = _v2269 & 0x000000ff | _v2284;
						_v2269 = __dl;
						if(_v2340 != 1) {
							if(_v2340 == 0) {
								__eax =  &_v1076;
								__ecx = _v2276;
								_v2408 = E00162120(_v2276,  &_v1076);
								__ecx = _v2408;
								_v2404 = _v2408;
								_v8 = 5;
								__edx = _v2404;
								_push(_v2404);
								__ecx =  &_v284;
								__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
								_v8 = 1;
								__ecx =  &_v1076;
								__imp__??1CDuiString@DuiLib@@QAE@XZ();
								__ecx =  &_v284;
								__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
								_v2284 = __eax;
								__al = _v2284;
								_v2268 = _v2284;
								_v2268 & 0x000000ff = _v2268 & 0x7f;
								_v2268 = __cl;
							}
						} else {
							_v2268 & 0x000000ff = _v2268 & 0x7f;
							_v2268 = __al;
							__ecx =  &_v2132;
							__ecx = _v2276;
							_v2416 = E00162120(_v2276,  &_v2132);
							__edx = _v2416;
							_v2412 = _v2416;
							_v8 = 4;
							__eax = _v2412;
							_push(_v2412);
							__ecx =  &_v284;
							__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
							_v8 = 1;
							__ecx =  &_v2132;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
							__ecx =  &_v284;
							__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
							_v2284 = E0034D449( &_v284, _v2412);
							__cl = _v2284;
							_v2268 = _v2284;
							_v2268 & 0x000000ff = _v2268 & 0x000000ff | 0x00000080;
							_v2268 = __dl;
						}
						_v8 = 0;
						__ecx =  &_v284;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						goto L39;
					case 3:
						_v2270 = 0x12;
						__ecx = _v2276;
						_v2336 = E00162310(_v2276);
						__ecx =  &_v152;
						__imp__??0CDuiString@DuiLib@@QAE@XZ();
						_v8 = 6;
						__edx =  &_v2000;
						__ecx = _v2276;
						_v2400 = E00162480(_v2276,  &_v2000);
						__eax = _v2400;
						_v2396 = _v2400;
						_v8 = 7;
						__ecx = _v2396;
						_push(_v2396);
						__ecx =  &_v152;
						__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
						_v8 = 6;
						__ecx =  &_v2000;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						__ecx =  &_v152;
						__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
						_v2280 = E0034D449( &_v152, _v2400);
						_v2280 = _v2280 & 0x0000000f;
						_v2280 = _v2280 & 0x0000000f;
						_v2280 = _v2280 << 4;
						_v2280 = _v2280 << 4;
						_v2280 = _v2280 & 0x000000f0;
						_v2280 = _v2280 & 0x000000f0;
						__dl = _v2280;
						_v2269 = __dl;
						__eax =  &_v1868;
						__ecx = _v2276;
						_v2392 = E00162540(_v2276,  &_v1868);
						__ecx = _v2392;
						_v2432 = _v2392;
						_v8 = 8;
						__edx = _v2432;
						_push(_v2432);
						__ecx =  &_v152;
						__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
						_v8 = 6;
						__ecx =  &_v1868;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						__ecx =  &_v152;
						__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
						_v2280 = __eax;
						_v2280 = _v2280 & 0x0000000f;
						_v2280 = _v2280 & 0x0000000f;
						_v2269 & 0x000000ff = _v2269 & 0x000000ff | _v2280;
						_v2269 = __cl;
						if(_v2336 != 1) {
							if(_v2336 == 0) {
								__eax =  &_v1604;
								__ecx = _v2276;
								_v2356 = E001623C0(_v2276,  &_v1604);
								__ecx = _v2356;
								_v2360 = _v2356;
								_v8 = 0xa;
								__edx = _v2360;
								_push(_v2360);
								__ecx =  &_v152;
								__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
								_v8 = 6;
								__ecx =  &_v1604;
								__imp__??1CDuiString@DuiLib@@QAE@XZ();
								__ecx =  &_v152;
								__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
								_v2280 = __eax;
								__al = _v2280;
								_v2268 = _v2280;
								_v2268 & 0x000000ff = _v2268 & 0x7f;
								_v2268 = __cl;
							}
						} else {
							_v2268 & 0x000000ff = _v2268 & 0x7f;
							_v2268 = __dl;
							__eax =  &_v1736;
							__ecx = _v2276;
							_v2348 = E001623C0(_v2276,  &_v1736);
							__ecx = _v2348;
							_v2352 = _v2348;
							_v8 = 9;
							__edx = _v2352;
							_push(_v2352);
							__ecx =  &_v152;
							__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
							_v8 = 6;
							__ecx =  &_v1736;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
							__ecx =  &_v152;
							__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
							_v2280 = __eax;
							0x80 = 0x80 - _v2280;
							_v2280 = 0x80 - _v2280;
							__cl = _v2280;
							_v2268 = _v2280;
							_v2268 & 0x000000ff = _v2268 & 0x000000ff | 0x00000080;
							_v2268 = __dl;
						}
						_v8 = 0;
						__ecx =  &_v152;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						goto L39;
					case 4:
						__ecx = _v2276;
						_v2296 = E001625B0(_v2276);
						__edx = _v2296 * 6;
						__al =  *((intOrPtr*)(__edx + 0x415d62));
						_v2270 =  *((intOrPtr*)(__edx + 0x415d62));
						__ecx = _v2296 * 6;
						__dl =  *((intOrPtr*)(__ecx + 0x415d63));
						_v2269 =  *((intOrPtr*)(__ecx + 0x415d63));
						__eax = _v2296 * 6;
						__cl =  *((intOrPtr*)(__eax + 0x415d64));
						_v2268 =  *((intOrPtr*)(__eax + 0x415d64));
						goto L39;
					case 5:
						_v2270 = 0x14;
						__ecx =  &_v416;
						__imp__??0CDuiString@DuiLib@@QAE@XZ();
						_v8 = 0xb;
						__edx =  &_v1472;
						__ecx = _v2276;
						_v2364 = E00162660(_v2276,  &_v1472);
						__eax = _v2364;
						_v2368 = _v2364;
						_v8 = 0xc;
						__ecx = _v2368;
						_push(_v2368);
						__ecx =  &_v416;
						__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
						_v8 = 0xb;
						__ecx =  &_v1472;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						__ecx =  &_v416;
						__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
						_v2300 = E0034D449( &_v416, _v2364);
						__dl = _v2300;
						_v2269 = _v2300;
						__eax =  &_v1340;
						__ecx = _v2276;
						_v2372 = E00162120(_v2276,  &_v1340);
						__ecx = _v2372;
						_v2376 = _v2372;
						_v8 = 0xd;
						__edx = _v2376;
						_push(_v2376);
						__ecx =  &_v416;
						__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
						_v8 = 0xb;
						__ecx =  &_v1340;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						__ecx =  &_v416;
						__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
						_v2300 = __eax;
						__al = _v2300;
						_v2268 = _v2300;
						_v8 = 0;
						__ecx =  &_v416;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						goto L39;
					case 6:
						__ecx = _v2276;
						__ecx = _v2276 + 0x8dc;
						__edx =  *__ecx;
						_v2272 =  *__ecx;
						_v2268 =  *((intOrPtr*)(__ecx + 4));
						_v2270 = 0x20;
						__ecx = _v2276;
						_v2316 = E001630B0(_v2276);
						if(_v2316 != 0xffffffff) {
							if(_v2316 != 0) {
								_v2316 = _v2316 - 1;
								1 = 1 << __cl;
								_v2269 = __dl;
							} else {
								_v2269 = 0;
							}
						} else {
							_v2269 = 0;
						}
						__eax =  &_v812;
						__ecx = _v2276;
						__eax = E001627B0(_v2276,  &_v812);
						_v8 = 0xe;
						__ecx =  &_v812;
						__imp__?IsEmpty@CDuiString@DuiLib@@QBE_NXZ();
						__ecx = __al & 0x000000ff;
						if((__al & 0x000000ff) != 0) {
							_v2268 = 0;
						}
						_v8 = 0;
						__ecx =  &_v812;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						goto L39;
					case 7:
						__ecx = _v2276;
						_v2308 = E00162820(_v2276);
						__edx = _v2308 * 6;
						__al =  *((intOrPtr*)(__edx + 0x415cf2));
						_v2270 =  *((intOrPtr*)(__edx + 0x415cf2));
						__ecx = _v2308 * 6;
						__dl =  *((intOrPtr*)(__ecx + 0x415cf3));
						_v2269 =  *((intOrPtr*)(__ecx + 0x415cf3));
						__eax = _v2308 * 6;
						__cl =  *((intOrPtr*)(__eax + 0x415cf4));
						_v2268 =  *((intOrPtr*)(__eax + 0x415cf4));
						goto L39;
					case 8:
						__ecx = _v2276;
						_v2312 = E00162880(_v2276);
						__edx = _v2312 * 6;
						__al =  *((intOrPtr*)(__edx + 0x415cda));
						_v2270 =  *((intOrPtr*)(__edx + 0x415cda));
						__ecx = _v2312 * 6;
						__dl =  *((intOrPtr*)(__ecx + 0x415cdb));
						_v2269 =  *((intOrPtr*)(__ecx + 0x415cdb));
						__eax = _v2312 * 6;
						__cl =  *((intOrPtr*)(__eax + 0x415cdc));
						_v2268 =  *((intOrPtr*)(__eax + 0x415cdc));
						goto L39;
					case 9:
						__ecx = _v2276;
						_v2288 = E001628E0(_v2276);
						__ecx = _v2276;
						_v2332 = E00162910(__ecx);
						__edx = _v2288;
						if(_v2288 > _v2332) {
							_v2288 = 0xffffffff;
						}
						if(_v2288 == 0xffffffff || _v2332 == 0) {
							__edx = _v2276;
							__edx = _v2276 + 0x8dc;
							__eax =  *__edx;
							_v2272 =  *__edx;
							_v2268 =  *((intOrPtr*)(__edx + 4));
						} else {
							__al = _v2288;
							_v2269 = __al;
							__ecx = _v2276;
							_v2328 = E00162970(__ecx);
							if(_v2328 != 4) {
								_v2270 = 0x70;
								__cl = _v2328;
								_v2268 = _v2328;
							} else {
								_v2270 = 0x71;
								__ecx =  &_v548;
								__imp__??0CDuiString@DuiLib@@QAE@XZ();
								_v8 = 0xf;
								__ecx =  &_v1208;
								__ecx = _v2276;
								_v2380 = E00162A60(_v2276,  &_v1208);
								__edx = _v2380;
								_v2384 = _v2380;
								_v8 = 0x10;
								__eax = _v2384;
								_push(_v2384);
								__ecx =  &_v548;
								__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
								_v8 = 0xf;
								__ecx =  &_v1208;
								__imp__??1CDuiString@DuiLib@@QAE@XZ();
								__ecx =  &_v548;
								__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
								__eax = E0034D449( &_v548, _v2384);
								_v2268 = __al;
								_v8 = 0;
								__ecx =  &_v548;
								__imp__??1CDuiString@DuiLib@@QAE@XZ();
							}
						}
						goto L39;
					case 0xa:
						__ecx = _v2276;
						_v2388 = E00162AD0(__ecx);
						_v2270 = 0x72;
						__dl = _v2388;
						_v2269 = _v2388;
						_v2268 = 0;
						goto L39;
					case 0xb:
						__ecx = _v2276;
						_v2304 = E00162B30(_v2276);
						__edx = _v2304 * 6;
						__al =  *((intOrPtr*)(__edx + 0x41593a));
						_v2270 =  *((intOrPtr*)(__edx + 0x41593a));
						__ecx = _v2304 * 6;
						__dl =  *((intOrPtr*)(__ecx + 0x41593b));
						_v2269 =  *((intOrPtr*)(__ecx + 0x41593b));
						__eax = _v2304 * 6;
						__cl =  *((intOrPtr*)(__eax + 0x41593c));
						_v2268 =  *((intOrPtr*)(__eax + 0x41593c));
						goto L39;
				}
			}

APIs
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(00000000), ref: 001606BD
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 001606D0
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0016079B
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?,?), ref: 001607DA
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 001607EA
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 001607F6
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?,?), ref: 0016087C
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0016088C
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00160898
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?,?), ref: 00160921
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00160931
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 0016093D
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00160A38
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?,?), ref: 00160A77
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00160A87
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00160A93
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?,?), ref: 00160B19
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00160B29
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00160B35
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?,?), ref: 00160BBE
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00160BCE
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00160BDA
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 001611A1
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$V01@@$V01@
  • String ID:
  • API String ID: 2241132566-0
  • Opcode ID: 85ee687c248eca8265403ce9a57aa924d77d604f84d569c4bbe9d2bf7970caa1
  • Instruction ID: 5e14c15bd3b456fe1a30d5c1f75f63395942244094bed0fdb1219de41b63bd97
  • Opcode Fuzzy Hash: 85ee687c248eca8265403ce9a57aa924d77d604f84d569c4bbe9d2bf7970caa1
  • Instruction Fuzzy Hash: 6322E4708052A9CFDB65DB24CD58BEDBBB5BB59300F0881DAD08DA7292DA305F84DF81
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 40%
			E001637E0(intOrPtr __ecx, char _a4, char _a16, intOrPtr _a28, intOrPtr _a32) {
				char _v8;
				char _v16;
				signed int _v20;
				void* _v152;
				intOrPtr _v156;
				signed char _v157;
				intOrPtr* _v164;
				char _v168;
				intOrPtr* _v172;
				intOrPtr* _v176;
				intOrPtr* _v180;
				signed int _t116;
				signed int _t117;
				intOrPtr _t119;
				intOrPtr _t127;
				intOrPtr _t133;
				intOrPtr* _t137;
				void* _t141;
				void* _t143;
				intOrPtr* _t148;
				intOrPtr _t162;
				intOrPtr _t203;
				intOrPtr _t213;
				intOrPtr _t214;
				signed int _t229;
				void* _t230;
				void* _t231;

				_push(0xffffffff);
				_push(0x371ca1);
				_push( *[fs:0x0]);
				_t231 = _t230 - 0xa4;
				_t116 =  *0x414f64; // 0x48591883
				_t117 = _t116 ^ _t229;
				_v20 = _t117;
				_push(_t117);
				 *[fs:0x0] =  &_v16;
				_v156 = __ecx;
				_v8 = 1;
				_t119 = _v156;
				if( *((intOrPtr*)(_t119 + 0x86c)) == 0) {
					__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v156, L"light_combo_modeSelect");
					 *((intOrPtr*)(_v156 + 0x86c)) = _t119;
				}
				if( *((intOrPtr*)(_v156 + 0x86c)) != 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v156 + 0x86c)) + 0x6f0)) + 0x20))))();
					_v168 = 0;
					while(1) {
						__eflags = _v168 - E00163230( &_a4, __eflags);
						if(__eflags >= 0) {
							break;
						}
						_t137 = E00214952(__eflags, 0x708);
						_t231 = _t231 + 4;
						_v172 = _t137;
						_v8 = 2;
						__eflags = _v172;
						if(_v172 == 0) {
							_v176 = 0;
						} else {
							__imp__??0CListLabelElementUI@DuiLib@@QAE@XZ();
							 *_v172 = 0x3e09fc;
							_v176 = _v172;
						}
						_v180 = _v176;
						_v8 = 1;
						_v164 = _v180;
						__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z(E001631F0( &_a4, _v168));
						_v8 = 3;
						_t141 =  *((intOrPtr*)( *((intOrPtr*)( *_v164 + 0x88))))(0x1e);
						__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
						_t143 =  *((intOrPtr*)( *((intOrPtr*)( *_v164 + 0x2c))))(_t141);
						__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
						 *((intOrPtr*)( *((intOrPtr*)( *_v164 + 0x108))))(_t143);
						 *((intOrPtr*)( *((intOrPtr*)( *_v164 + 0x34))))(1);
						_t148 = E00167B90( &_a16, _v168);
						__eflags =  *_t148;
						if( *_t148 == 0) {
							_v157 = 0;
						} else {
							_v157 = 1;
						}
						 *((intOrPtr*)( *((intOrPtr*)( *_v164 + 0x118))))(_v157 & 0x000000ff);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v156 + 0x86c)) + 0x6f0)) + 0x10))))(_v164);
						_v8 = 1;
						__imp__??1CDuiString@DuiLib@@QAE@XZ();
						_t203 = _v168 + 1;
						__eflags = _t203;
						_v168 = _t203;
					}
					_t162 = _v156;
					__eflags =  *((intOrPtr*)(_t162 + 0x870));
					if( *((intOrPtr*)(_t162 + 0x870)) == 0) {
						__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v156, L"deng_light_slider");
						 *((intOrPtr*)(_v156 + 0x870)) = _v156;
					}
					_t213 = _v156;
					__eflags =  *((intOrPtr*)(_t213 + 0x870));
					if( *((intOrPtr*)(_t213 + 0x870)) != 0) {
						__imp__?SetMaxValue@CProgressUI@DuiLib@@QAEXH@Z(_a28);
						_t214 = _v156;
						__eflags =  *((intOrPtr*)(_t214 + 0x874));
						if( *((intOrPtr*)(_t214 + 0x874)) == 0) {
							_t133 = _v156;
							__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t133, L"deng_speed_slider");
							 *((intOrPtr*)(_v156 + 0x874)) = _t133;
						}
						_t127 = _v156;
						__eflags =  *((intOrPtr*)(_t127 + 0x874));
						if( *((intOrPtr*)(_t127 + 0x874)) != 0) {
							__imp__?SetMaxValue@CProgressUI@DuiLib@@QAEXH@Z(_a32);
							_v8 = 0;
							E001634E0();
							_v8 = 0xffffffff;
							E00167BB0();
						} else {
							_v8 = 0;
							E001634E0();
							_v8 = 0xffffffff;
							E00167BB0();
						}
					} else {
						_v8 = 0;
						E001634E0();
						_v8 = 0xffffffff;
						E00167BB0();
					}
					goto L23;
				} else {
					_v8 = 0;
					E001634E0();
					_v8 = 0xffffffff;
					E00167BB0();
					L23:
					 *[fs:0x0] = _v16;
					return E00344CC8(_v20 ^ _t229);
				}
			}

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,light_combo_modeSelect), ref: 0016383C
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00163864
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00163873
  • ??0CListLabelElementUI@DuiLib@@QAE@XZ.DUILIB ref: 001638FC
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(00000000,00000000), ref: 00163958
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00163980
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 001639A0
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00163A4E
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_light_slider), ref: 00163A7D
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00163AA5
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00163AB4
  • ?SetMaxValue@CProgressUI@DuiLib@@QAEXH@Z.DUILIB(?), ref: 00163ACE
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_speed_slider), ref: 00163AF8
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00163B20
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00163B2F
  • ?SetMaxValue@CProgressUI@DuiLib@@QAEXH@Z.DUILIB(?), ref: 00163B46
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00163B53
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00163B62
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$Container_base12Container_base12::~_std::_$Control$String@$FindI@2@ManagerName@PaintV32@$ProgressValue@$ElementLabelListV01@@
  • String ID: deng_light_slider$deng_speed_slider$light_combo_modeSelect
  • API String ID: 2832046881-3921143621
  • Opcode ID: 5e46212e2644b8c9bbd08c03a651f3ff5b12e8d6e517452eebb1d85c7c5d45c2
  • Instruction ID: b91d61045282faec2a29f33240d69657c061531e4995b0186826d93471f7d11a
  • Opcode Fuzzy Hash: 5e46212e2644b8c9bbd08c03a651f3ff5b12e8d6e517452eebb1d85c7c5d45c2
  • Instruction Fuzzy Hash: D5B1D334A04218DFCB14DB24C995BA9B7B1BF49304F1482E9E45EAB392CB71AE85CF51
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(click,000000FF,48591883), ref: 00153CE1
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D9E38,000000FF), ref: 00153CFA
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(itemselect,000000FF), ref: 00153D5B
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D9E54,000000FF), ref: 00153D71
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(selectchanged,000000FF), ref: 00153DD0
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D9E74,000000FF), ref: 00153DE6
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(windowinit,000000FF), ref: 00153E45
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D9E90,000000FF), ref: 00153E5B
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(killfocus,000000FF), ref: 00153EB9
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D9EA8,000000FF), ref: 00153ECF
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(checkclick,000000FF), ref: 00153F2E
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D9EC4,000000FF), ref: 00153F44
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D9EC8,000000FF), ref: 00153FA3
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D9ECC,000000FF), ref: 00153FB9
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: checkclick$click$itemselect$killfocus$selectchanged$windowinit
  • API String ID: 2284767783-977228687
  • Opcode ID: a77aca878bcf060a0633fdc41cb65cb50ec13078d0808c6c2715471d30e970a3
  • Instruction ID: 3d829524bf387bc7403cef8b9a50111cdaa3f6ef84cd25581a10d715affcc81d
  • Opcode Fuzzy Hash: a77aca878bcf060a0633fdc41cb65cb50ec13078d0808c6c2715471d30e970a3
  • Instruction Fuzzy Hash: 04A129B0A09359DFDB25CF98E85879DBBB1BB49324F60436AE425673E0C7740906CF58
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(XML\DeviceXml\mousedevice.xml,000000FF,48591883,?,003760DA,000000FF), ref: 00152446
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(acrox_light,000000FF,?,003760DA,000000FF), ref: 0015245F
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(XML\DeviceXml\keyboarddevice.xml,000000FF,?,003760DA,000000FF), ref: 001524A0
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(acrox_light,000000FF,?,003760DA,000000FF), ref: 001524B6
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(XML\DeviceXml\mousepaddevice.xml,000000FF,?,003760DA,000000FF), ref: 001524F4
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(acrox_light,000000FF,?,003760DA,000000FF), ref: 0015250A
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(XML\DeviceXml\hs6533device.xml,000000FF,?,003760DA,000000FF), ref: 00152548
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(acrox_light,000000FF,?,003760DA,000000FF), ref: 0015255E
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: 8B$XML\DeviceXml\hs6533device.xml$XML\DeviceXml\keyboarddevice.xml$XML\DeviceXml\mousedevice.xml$XML\DeviceXml\mousepaddevice.xml$\5B$acrox_light$acrox_light$acrox_light$acrox_light$t6B
  • API String ID: 2284767783-1922759234
  • Opcode ID: 4dcdecda94b03b6ac5af2e9da75fba24cb5741c48ae3d7395e5a673c8833ad58
  • Instruction ID: 5be5b42275b90c7ef3d732d312381d1b7f0abd8300b9357c002190a09af1d453
  • Opcode Fuzzy Hash: 4dcdecda94b03b6ac5af2e9da75fba24cb5741c48ae3d7395e5a673c8833ad58
  • Instruction Fuzzy Hash: CD318DB1709342ABC7229F44EC0D7947AB4E745735FA083AAE031273E0CBBD0B459B05
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 44%
			E00157EC0(struct HWND__* __ecx, signed int _a4) {
				struct HWND__* _v8;
				signed int _v12;
				signed int _t191;

				_v8 = __ecx;
				_t191 = _a4;
				_v12 = _t191;
				_v12 = _v12 - 0x3e8;
				if(_v12 > 7) {
					L63:
					return _t191;
				}
				switch( *((intOrPtr*)(_v12 * 4 +  &M00158490))) {
					case 0:
						_push(0x3e8);
						__ecx = _v8;
						_push(_v8);
						__edx = _v8;
						__ecx =  *(_v8 + 0x44);
						__imp__?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z();
						__eax = _v8;
						if( *((intOrPtr*)(__eax + 0x87c)) == 0) {
							_push(L"device_select");
							__ecx = _v8;
							_push(_v8);
							__edx = _v8;
							__ecx =  *(_v8 + 0x44);
							__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z();
							__ecx = _v8;
							 *(_v8 + 0x87c) = __eax;
						}
						__edx = _v8;
						if( *(_v8 + 0x870) != 0) {
							__eax = _v8;
							__ecx =  *(__eax + 0x870);
							__edx = _v8;
							__eax =  *( *(__eax + 0x870));
							__ecx =  *(_v8 + 0x870);
							__edx =  *(__eax + 0x250);
							__eax =  *( *(__eax + 0x250))();
						}
						__eax = _v8;
						if( *(_v8 + 0x86c) != 0) {
							__ecx = _v8;
							if( *(_v8 + 0x87c) != 0) {
								__edx = _v8;
								__ecx =  *(_v8 + 0x87c);
								__imp__?IsSelected@COptionUI@DuiLib@@QBE_NXZ();
								__eax = __al & 0x000000ff;
								if((__al & 0x000000ff) != 0) {
									__ecx = _v8;
									__ecx =  *(_v8 + 0x870);
									if(E002041B0( *(_v8 + 0x870)) != 0) {
										__edx = _v8;
										__ecx =  *(_v8 + 0x86c);
										__imp__?Invalidate@CControlUI@DuiLib@@QAEXXZ();
									}
								}
							}
						}
						__eax = _v8;
						__ecx =  *(__eax + 0x870);
						__ecx =  &(( *(__eax + 0x870))[0x21f]);
						__eax = E00180890( &(( *(__eax + 0x870))[0x21f]));
						if(__eax != 0) {
							__ecx = _v8;
							__edx =  *(_v8 + 0x870);
							if( *((intOrPtr*)( *(_v8 + 0x870) + 0xec8)) == 0) {
								_push(5);
								_push(0x3e8);
								__edx = _v8;
								_push(_v8);
								__eax = _v8;
								__ecx =  *(__eax + 0x44);
								__imp__?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z();
							} else {
								_push(0x32);
								_push(0x3e8);
								__eax = _v8;
								_push(__eax);
								_v8 =  *(_v8 + 0x44);
								__imp__?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z();
							}
						}
						return __eax;
					case 1:
						_push(0x3e9);
						_push(_v8);
						__imp__?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z();
						if( *(_v8 + 0x870) == 0) {
							L13:
							_push(5);
							_push(0x3e8);
							_push(_v8);
							__imp__?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z();
							if(E00204E40( *(_v8 + 0x870)) != 0 && E00180890( *(_v8 + 0x870) + 0x87c) != 0) {
								_push(0x32);
								_push(0x3ed);
								_push(_v8);
								__imp__?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z();
							}
							_t195 =  *(_v8 + 0x870);
							if( *((intOrPtr*)(_t195 + 0xec8)) != 0) {
								_t195 = E00158620(_v8, 0x7d0);
							}
							return _t195;
						}
						if( *((intOrPtr*)( *(_v8 + 0x870) + 0xec8)) != 0 && E00180890( *(_v8 + 0x870) + 0x87c) != 0) {
							if( *((intOrPtr*)( *((intOrPtr*)( *( *(_v8 + 0x870)) + 0x270))))() == 0) {
								 *(_v8 + 0xb28) =  *(_v8 + 0xb28) + 1;
								if( *(_v8 + 0xb28) >= 0x14) {
									 *(_v8 + 0xb28) = 0;
								}
								if((E00158530(_v8) & 0x000000ff) != 0) {
									_push(0);
									 *((intOrPtr*)( *((intOrPtr*)( *_v8 + 0x118))))();
									_t217 = E002030D0( *(_v8 + 0x870));
									SendMessageW(E00202DD0( *(_v8 + 0x870)), 0xd03, _t217, 0);
								}
								_push(0xbb8);
								_push(0x3e9);
								_t213 = _v8;
								_push(_t213);
								__imp__?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z();
								return _t213;
							}
							_t206 = E002030D0( *(_v8 + 0x870));
							SendMessageW(E00202DD0( *(_v8 + 0x870)), 0xd03, _t206, 1);
						}
						 *((intOrPtr*)( *((intOrPtr*)( *( *(_v8 + 0x870)) + 0x25c))))();
						 *(_v8 + 0xb28) = 0;
						goto L13;
					case 2:
						_push(0x3ea);
						__ecx = _v8;
						_push(_v8);
						__edx = _v8;
						__ecx =  *(_v8 + 0x44);
						__imp__?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z();
						__eax = _v8;
						if( *(__eax + 0x870) != 0) {
							__ecx = _v8;
							__edx =  *(__ecx + 0x870);
							__eax = _v8;
							__edx =  *( *(__ecx + 0x870));
							__ecx =  *(_v8 + 0x870);
							__eax =  *(__edx + 0x260);
							__eax =  *( *(__edx + 0x260))();
						}
						return __eax;
					case 3:
						_push(0x3eb);
						__ecx = _v8;
						_push(_v8);
						__edx = _v8;
						__ecx =  *(_v8 + 0x44);
						__imp__?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z();
						__eax = _v8;
						if( *(__eax + 0x870) != 0) {
							__ecx = _v8;
							__edx =  *(__ecx + 0x870);
							__eax = _v8;
							__edx =  *( *(__ecx + 0x870));
							__ecx =  *(_v8 + 0x870);
							__eax =  *(__edx + 0x264);
							__eax =  *( *(__edx + 0x264))();
						}
						return __eax;
					case 4:
						_push(0x3ec);
						__ecx = _v8;
						_push(_v8);
						__edx = _v8;
						__ecx =  *(_v8 + 0x44);
						__imp__?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z();
						__eax = _v8;
						if( *(__eax + 0x870) != 0) {
							__ecx = _v8;
							__edx =  *(__ecx + 0x870);
							__eax = _v8;
							__edx =  *( *(__ecx + 0x870));
							__ecx =  *(_v8 + 0x870);
							__eax =  *(__edx + 0x268);
							__eax =  *( *(__edx + 0x268))();
						}
						return __eax;
					case 5:
						_push(0x3ed);
						__ecx = _v8;
						_push(_v8);
						__edx = _v8;
						__ecx =  *(_v8 + 0x44);
						__imp__?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z();
						__eax = _v8;
						if( *(_v8 + 0x870) != 0) {
							__ecx = _v8;
							__edx =  *(__ecx + 0x870);
							__eax = _v8;
							__edx =  *( *(__ecx + 0x870));
							__ecx =  *(_v8 + 0x870);
							 *((intOrPtr*)(__edx + 0x26c)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x26c))))();
						}
						__ecx = _v8;
						__ecx =  *(_v8 + 0x870);
						__eax = E00204E40( *(_v8 + 0x870));
						if(__eax != 0) {
							_push(0x1388);
							_push(0x3ed);
							__edx = _v8;
							_push(_v8);
							__eax = _v8;
							__ecx =  *(__eax + 0x44);
							__imp__?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z();
						}
						return __eax;
					case 6:
						goto L63;
					case 7:
						_push(0x3ef);
						__ecx = _v8;
						_push(_v8);
						__edx = _v8;
						__ecx =  *(_v8 + 0x44);
						__imp__?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z();
						__eax = _v8;
						if( *(_v8 + 0x870) != 0) {
							__ecx = _v8;
							__edx =  *(_v8 + 0x870);
							if( *((intOrPtr*)( *(_v8 + 0x870) + 0xec8)) == 0) {
								__eax = _v8;
								__ecx =  *(__eax + 0x870);
								__ecx =  &(( *(__eax + 0x870))[0x21f]);
								if(__eax != 0) {
									OutputDebugStringW(L"2.4gcesvdfherhue  12312423");
								}
							} else {
								__eax = _v8;
								__ecx =  *(__eax + 0x870);
								__edx = _v8;
								__eax =  *( *(__eax + 0x870));
								__ecx =  *(_v8 + 0x870);
								__edx =  *(__eax + 0x270);
								if(__eax != 0) {
									__ecx = _v8;
									__eax = E00158530(_v8);
									__edx = __al & 0x000000ff;
									if((__al & 0x000000ff) == 0) {
										__eax = _v8;
										__ecx =  *(_v8 + 0x870);
										__eax = E002030D0( *(_v8 + 0x870));
										__ecx = _v8;
										__ecx =  *(_v8 + 0x870);
										E00202DD0( *(_v8 + 0x870)) = SendMessageW(__eax, 0xd03, __eax, 1);
										__edx = _v8;
										__ecx =  *(_v8 + 0x870);
										if(E00204E40( *(_v8 + 0x870)) != 0) {
											__eax = _v8;
											__ecx =  *(__eax + 0x870);
											__edx = _v8;
											__eax =  *( *(__eax + 0x870));
											__ecx =  *(_v8 + 0x870);
											__edx =  *(__eax + 0x26c);
											__eax =  *( *(__eax + 0x26c))();
										}
										OutputDebugStringW(L"2.4gcesvdfherhue  12312423 123342341");
									}
								} else {
									__ecx = _v8;
									E00158530(_v8) = __al & 0x000000ff;
									if((__al & 0x000000ff) != 0) {
										__ecx = _v8;
										__edx =  *(_v8 + 0x870);
										if( *((intOrPtr*)( *(_v8 + 0x870) + 0xec8)) != 0) {
											__eax = _v8;
											__ecx =  *(_v8 + 0x870);
											__eax = E002030D0( *(_v8 + 0x870));
											__ecx = _v8;
											__ecx =  *(_v8 + 0x870);
											E00202DD0( *(_v8 + 0x870)) = SendMessageW(__eax, 0xd03, __eax, 0);
											OutputDebugStringW(L"2.4gcesvdfherhue");
										}
									}
								}
							}
						}
						__ecx = _v8;
						__edx =  *(_v8 + 0x870);
						if( *((intOrPtr*)( *(_v8 + 0x870) + 0xec8)) == 0) {
							goto L63;
						} else {
							__ecx = _v8;
							return E00158620(_v8, 0xbb8);
						}
				}
			}

APIs
  • ?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z.DUILIB(?,000003E9), ref: 00157EFE
  • SendMessageW.USER32(00000000,00000D03,00000000,00000000), ref: 00157FDE
  • ?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z.DUILIB(?,000003E9,00000BB8), ref: 00157FF8
  • ?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z.DUILIB(?,000003E8), ref: 001580E4
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_select), ref: 00158105
  • ?IsSelected@COptionUI@DuiLib@@QBE_NXZ.DUILIB ref: 0015815D
  • ?Invalidate@CControlUI@DuiLib@@QAEXXZ.DUILIB ref: 00158185
  • ?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z.DUILIB(?,000003E8,00000032), ref: 001581C6
  • ?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z.DUILIB(?,000003EA), ref: 001581F9
  • ?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z.DUILIB(?,000003EB), ref: 0015823B
  • ?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z.DUILIB(?,000003EC), ref: 0015827D
  • ?KillTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@I@Z.DUILIB(?,000003ED), ref: 001582BF
  • ?SetTimer@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@II@Z.DUILIB(?,000003ED,00001388), ref: 00158313
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@$I@2@ManagerPaint$Timer@$Kill$FindInvalidate@MessageName@OptionSelected@SendV32@
  • String ID: device_select
  • API String ID: 1421821606-2564987867
  • Opcode ID: ee22b3db0e9ad3fd4713c50e048274586da177405c1c072fa5ec91f42e2ff8b3
  • Instruction ID: 335a0e9911ae877a8aee9cb08e911b25a93c95198a3e00f4184e2b6424584a5e
  • Opcode Fuzzy Hash: ee22b3db0e9ad3fd4713c50e048274586da177405c1c072fa5ec91f42e2ff8b3
  • Instruction Fuzzy Hash: 8CD1B934604204EFD709DB54C995FADB7B6BB88301F2842A8E9496B395DF31EE46DF80
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 39%
			E00161200(signed int __ecx, void* __esi, void* __eflags, signed int _a4, signed char _a6, signed int _a7, signed int _a8) {
				signed int _v8;
				char _v16;
				signed int _v20;
				char _v152;
				char _v284;
				char _v416;
				char _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				char* _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				signed int _v676;
				signed int _v680;
				signed int _v684;
				signed int _v688;
				signed int _v692;
				signed int _v696;
				intOrPtr _v700;
				signed int _v704;
				signed int _v708;
				signed int _v712;
				signed int _v716;
				char* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int _t311;
				signed int _t312;
				signed int _t344;

				_push(0xffffffff);
				_push(0x371b50);
				_push( *[fs:0x0]);
				_t311 =  *0x414f64; // 0x48591883
				_t312 = _t311 ^ _t344;
				_v20 = _t312;
				_push(_t312);
				 *[fs:0x0] =  &_v16;
				_v552 = __ecx;
				_v604 = 0xffffffff;
				_v608 = _a6 & 0x000000ff;
				_v556 = 0xffffffff;
				if((E0015FA60( &_a4, _v552 + 0x8e2) & 0x000000ff) != 0) {
					_v608 = 0;
				}
				_v612 = _v608;
				if(_v612 <= 0xb0) {
					_t15 = _v612 + 0x161e5c; // 0xcccccc0c
					switch( *((intOrPtr*)(( *_t15 & 0x000000ff) * 4 +  &M00161E24))) {
						case 0:
							_v556 = 0;
							goto L100;
						case 1:
							_v556 = 1;
							_v576 = 0;
							while(1) {
								__ecx = _v576;
								__eflags = __ecx -  *0x415d74; // 0x5
								if(__eflags >= 0) {
									break;
								}
								__edx = _a7 & 0x000000ff;
								_t26 = 0x415d7b + _v576 * 6; // 0x1000001
								__ecx =  *_t26 & 0x000000ff;
								__eflags = (_a7 & 0x000000ff) - ( *_t26 & 0x000000ff);
								if((_a7 & 0x000000ff) != ( *_t26 & 0x000000ff)) {
									L11:
									__eax = _v576;
									__eax = _v576 + 1;
									__eflags = __eax;
									_v576 = __eax;
									continue;
								} else {
									__edx = _a8 & 0x000000ff;
									_t29 = 0x415d7c + _v576 * 6; // 0x10000
									__ecx =  *_t29 & 0x000000ff;
									__eflags = (_a8 & 0x000000ff) - ( *_t29 & 0x000000ff);
									if((_a8 & 0x000000ff) != ( *_t29 & 0x000000ff)) {
										goto L11;
									} else {
										__edx = _v576;
										__ecx = _v552;
										__eax = E00161FE0(__ecx, _v576);
									}
								}
								break;
							}
							goto L100;
						case 2:
							_v556 = 2;
							__ecx =  &_v152;
							__imp__??0CDuiString@DuiLib@@QAE@XZ();
							_v8 = 0;
							_a7 & 0x000000ff = (_a7 & 0x000000ff) >> 4;
							_v600 = (_a7 & 0x000000ff) >> 4;
							__ecx = _v600;
							_push(_v600);
							_push(L"%d");
							__edx =  &_v152;
							_push( &_v152);
							__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
							__esp = __esp + 0xc;
							__esp = __esp - 0x84;
							__ecx = __esp;
							_v684 = __esp;
							__eax =  &_v152;
							__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
							_v720 =  &_v152;
							__ecx = _v552;
							__eax = L00162160( &_v152);
							_a7 & 0x000000ff = _a7 & 0xf;
							_v600 = _a7 & 0xf;
							__edx = _v600;
							_push(_v600);
							_push(L"%d");
							__eax =  &_v152;
							_push(__eax);
							__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
							__esp = __esp + 0xc;
							__esp = __esp - 0x84;
							__ecx = __esp;
							_v724 = __esp;
							__edx =  &_v152;
							__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
							_v728 = __eax;
							__ecx = _v552;
							L00162220( &_v152) = _a8 & 0x000000ff;
							__eax = (_a8 & 0x000000ff) >> 7;
							__eflags = (_a8 & 0x000000ff) >> 7;
							if((_a8 & 0x000000ff) >> 7 == 0) {
								__eax = _a8 & 0x000000ff;
								_push(__eax);
								_push(L"%d");
								__ecx =  &_v152;
								_push( &_v152);
								__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
								__esp = __esp + 0xc;
								__esp = __esp - 0x84;
								__ecx = __esp;
								_v628 = __esp;
								__edx =  &_v152;
								__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
								_v632 = __eax;
								__ecx = _v552;
								__eax = L001620A0( &_v152);
								__ecx = _v552;
								__eax = E00162040(_v552, 0);
							} else {
								_a8 & 0x000000ff = _a8 & 0x7f;
								_v600 = _a8 & 0x7f;
								__edx = _v600;
								_push(_v600);
								_push(L"%d");
								__eax =  &_v152;
								_push(__eax);
								__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
								__esp = __esp + 0xc;
								__esp = __esp - 0x84;
								__ecx = __esp;
								_v620 = __esp;
								__edx =  &_v152;
								__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
								_v624 = __eax;
								__ecx = _v552;
								__eax = L001620A0( &_v152);
								__ecx = _v552;
								__eax = E00162040(_v552, 1);
							}
							_v8 = 0xffffffff;
							__ecx =  &_v152;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
							goto L100;
						case 3:
							_v556 = 3;
							__ecx =  &_v284;
							__imp__??0CDuiString@DuiLib@@QAE@XZ();
							_v8 = 1;
							_a7 & 0x000000ff = (_a7 & 0x000000ff) >> 4;
							_v564 = (_a7 & 0x000000ff) >> 4;
							__ecx = _v564;
							_push(_v564);
							_push(L"%d");
							__edx =  &_v284;
							_push( &_v284);
							__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
							__esp = __esp + 0xc;
							__esp = __esp - 0x84;
							__ecx = __esp;
							_v636 = __esp;
							__eax =  &_v284;
							__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
							_v640 =  &_v284;
							__ecx = _v552;
							__eax = L00162400( &_v284);
							_a7 & 0x000000ff = _a7 & 0xf;
							_v564 = _a7 & 0xf;
							__edx = _v564;
							_push(_v564);
							_push(L"%d");
							__eax =  &_v284;
							_push(__eax);
							__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
							__esp = __esp + 0xc;
							__esp = __esp - 0x84;
							__ecx = __esp;
							_v644 = __esp;
							__edx =  &_v284;
							__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
							_v648 = __eax;
							__ecx = _v552;
							L001624C0( &_v284) = _a8 & 0x000000ff;
							__eax = (_a8 & 0x000000ff) >> 7;
							__eflags = (_a8 & 0x000000ff) >> 7;
							if((_a8 & 0x000000ff) >> 7 == 0) {
								__eax = _a8 & 0x000000ff;
								_push(__eax);
								_push(L"%d");
								__ecx =  &_v284;
								_push( &_v284);
								__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
								__esp = __esp + 0xc;
								__esp = __esp - 0x84;
								__ecx = __esp;
								_v660 = __esp;
								__edx =  &_v284;
								__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
								_v664 = __eax;
								__ecx = _v552;
								__eax = L00162340( &_v284);
								__ecx = _v552;
								__eax = E001622E0(_v552, 0);
							} else {
								_a8 & 0x000000ff = _a8 & 0x7f;
								_v564 = _a8 & 0x7f;
								0x80 = 0x80 - _v564;
								_v564 = 0x80 - _v564;
								__eax = _v564;
								_push(__eax);
								_push(L"%d");
								__ecx =  &_v284;
								_push( &_v284);
								__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
								__esp = __esp + 0xc;
								__esp = __esp - 0x84;
								__ecx = __esp;
								_v652 = __esp;
								__edx =  &_v284;
								__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
								_v656 = __eax;
								__ecx = _v552;
								__eax = L00162340( &_v284);
								__ecx = _v552;
								__eax = E001622E0(_v552, 1);
							}
							_v8 = 0xffffffff;
							__ecx =  &_v284;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
							goto L100;
						case 4:
							_v556 = 4;
							_v580 = 0;
							while(1) {
								__ecx = _v580;
								__eflags = __ecx -  *0x415d5c; // 0x3
								if(__eflags >= 0) {
									break;
								}
								__edx = _a7 & 0x000000ff;
								_t117 = 0x415d63 + _v580 * 6; // 0x1000001
								__ecx =  *_t117 & 0x000000ff;
								__eflags = (_a7 & 0x000000ff) - ( *_t117 & 0x000000ff);
								if((_a7 & 0x000000ff) != ( *_t117 & 0x000000ff)) {
									L27:
									__eax = _v580;
									__eax = _v580 + 1;
									__eflags = __eax;
									_v580 = __eax;
									continue;
								} else {
									__edx = _a8 & 0x000000ff;
									_t120 = 0x415d64 + _v580 * 6; // 0x10000
									__ecx =  *_t120 & 0x000000ff;
									__eflags = (_a8 & 0x000000ff) - ( *_t120 & 0x000000ff);
									if((_a8 & 0x000000ff) != ( *_t120 & 0x000000ff)) {
										goto L27;
									} else {
										__edx = _v580;
										__ecx = _v552;
										__eax = E00162580(__ecx, _v580);
									}
								}
								break;
							}
							goto L100;
						case 5:
							_v556 = 5;
							__ecx =  &_v416;
							__imp__??0CDuiString@DuiLib@@QAE@XZ();
							_v8 = 2;
							__eax = _a7 & 0x000000ff;
							_push(__eax);
							_push(L"%d");
							__ecx =  &_v416;
							_push( &_v416);
							__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
							__esp = __esp + 0xc;
							__esp = __esp - 0x84;
							__ecx = __esp;
							_v668 = __esp;
							__edx =  &_v416;
							__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
							_v672 = __eax;
							__ecx = _v552;
							__eax = L001625E0( &_v416);
							__eax = _a8 & 0x000000ff;
							_push(__eax);
							_push(L"%d");
							__ecx =  &_v416;
							_push( &_v416);
							__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
							__esp = __esp + 0xc;
							__esp = __esp - 0x84;
							__ecx = __esp;
							_v676 = __esp;
							__edx =  &_v416;
							__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
							_v680 = __eax;
							__ecx = _v552;
							__eax = L001620A0( &_v416);
							_v8 = 0xffffffff;
							__ecx =  &_v416;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
							goto L100;
						case 6:
							_v556 = 6;
							__eax = _a7 & 0x000000ff;
							__eflags = _a7 & 0x000000ff;
							if((_a7 & 0x000000ff) != 0) {
								L42:
								__edx = _a7 & 0x000000ff;
								__eflags = (_a7 & 0x000000ff) - 1;
								if((_a7 & 0x000000ff) < 1) {
									L65:
									_v588 = 0;
									while(1) {
										__ecx = _v588;
										__eflags = __ecx -  *0x415930;
										if(__ecx >=  *0x415930) {
											break;
										}
										__edx = _a7 & 0x000000ff;
										__eax = _v588 * 6;
										__ecx =  *(__eax + 0x41593b) & 0x000000ff;
										__eflags = (_a7 & 0x000000ff) - ( *(__eax + 0x41593b) & 0x000000ff);
										if((_a7 & 0x000000ff) != ( *(__eax + 0x41593b) & 0x000000ff)) {
											L71:
											__eax = _v588;
											__eax = _v588 + 1;
											__eflags = __eax;
											_v588 = __eax;
											continue;
										} else {
											__edx = _a8 & 0x000000ff;
											__eax = _v588 * 6;
											__ecx =  *(__eax + 0x41593c) & 0x000000ff;
											__eflags = (_a8 & 0x000000ff) - ( *(__eax + 0x41593c) & 0x000000ff);
											if((_a8 & 0x000000ff) != ( *(__eax + 0x41593c) & 0x000000ff)) {
												goto L71;
											} else {
												__edx = _v588;
												__ecx = _v552;
												__eax = E00162B00(__ecx, _v588);
											}
										}
										break;
									}
									_v556 = 0xb;
								} else {
									__eax = _a7 & 0x000000ff;
									__eflags = (_a7 & 0x000000ff) - 0x80;
									if((_a7 & 0x000000ff) > 0x80) {
										goto L65;
									} else {
										__ecx = _a7 & 0x000000ff;
										__eflags = (_a7 & 0x000000ff) - 0x10;
										if((_a7 & 0x000000ff) == 0x10) {
											goto L65;
										} else {
											_v700 = 1;
											_v584 = 0xffffffff;
											_v568 = 0;
											while(1) {
												__eflags = _v568 - 8;
												if(_v568 >= 8) {
													break;
												}
												__eax = _a7 & 0x000000ff;
												__ecx = _v568 * 6;
												__edx =  *(__ecx + 0x415983) & 0x000000ff;
												__eflags = (_a7 & 0x000000ff) - ( *(__ecx + 0x415983) & 0x000000ff);
												if((_a7 & 0x000000ff) != ( *(__ecx + 0x415983) & 0x000000ff)) {
													L52:
													__edx = _v568;
													__edx = _v568 + 1;
													__eflags = __edx;
													_v568 = __edx;
													continue;
												} else {
													__eax = _v568 * 6;
													__ecx =  *(__eax + 0x415984) & 0x000000ff;
													__eflags =  *(__eax + 0x415984) & 0x000000ff;
													if(( *(__eax + 0x415984) & 0x000000ff) != 0) {
														goto L52;
													} else {
														__edx = _v568 * 6;
														__eax =  *(__edx + 0x415982) & 0x000000ff;
														__eflags = ( *(__edx + 0x415982) & 0x000000ff) - 0x20;
														if(( *(__edx + 0x415982) & 0x000000ff) != 0x20) {
															goto L52;
														} else {
															__ecx = _v568;
															_v584 = _v568;
														}
													}
												}
												break;
											}
											__eflags = _v584 - 0xffffffff;
											if(_v584 != 0xffffffff) {
												_v584 = _v584 + 1;
												_v584 = _v584 + 1;
												__eax = _v584;
												asm("cdq");
												__ecx = 5;
												_t197 = __eax % 5;
												__eax = __eax / 5;
												__edx = _t197;
												__ecx = _t197;
												__eax = _v584;
												asm("cdq");
												__esi = 5;
												_t202 = __eax % 5;
												__eax = __eax / 5;
												__edx = _t202;
												__ecx = _t197 + __eax;
												__eflags = __ecx;
												_v616 = __ecx;
												__edx = _v616;
												__ecx = _v552;
												__eax = E00162F00(_v552, _v616);
											} else {
												_a7 = 0;
												__ecx = _v552;
												__eax = E00162F00(_v552, 0);
											}
											_v572 = 8;
											while(1) {
												__ecx = _v572;
												__eflags = __ecx -  *0x415934;
												if(__ecx >=  *0x415934) {
													break;
												}
												__edx = _a8 & 0x000000ff;
												__eax = _v572 * 6;
												__ecx =  *(__eax + 0x415984) & 0x000000ff;
												__eflags = (_a8 & 0x000000ff) - ( *(__eax + 0x415984) & 0x000000ff);
												if((_a8 & 0x000000ff) != ( *(__eax + 0x415984) & 0x000000ff)) {
													L63:
													__eax = _v572;
													__eax = _v572 + 1;
													__eflags = __eax;
													_v572 = __eax;
													continue;
												} else {
													__edx = _v572 * 6;
													__eax =  *(__edx + 0x415983) & 0x000000ff;
													__eflags =  *(__edx + 0x415983) & 0x000000ff;
													if(( *(__edx + 0x415983) & 0x000000ff) != 0) {
														goto L63;
													} else {
														__ecx = _v572 * 6;
														__edx =  *(__ecx + 0x415982) & 0x000000ff;
														__eflags = ( *(__ecx + 0x415982) & 0x000000ff) - 0x20;
														if(( *(__ecx + 0x415982) & 0x000000ff) != 0x20) {
															goto L63;
														} else {
															__esp = __esp - 0x84;
															__ecx = __esp;
															_v704 = __esp;
															_push(0xffffffff);
															__eax = _v572;
															__edx =  *(0x416580 + __eax * 4);
															__imp__??0CDuiString@DuiLib@@QAE@PB_WH@Z();
															_v732 = __eax;
															__ecx = _v552;
															__eax = L001626A0(__ecx,  *(0x416580 + __eax * 4));
														}
													}
												}
												break;
											}
										}
									}
								}
							} else {
								__ecx = _a8 & 0x000000ff;
								__eflags = _a8 & 0x000000ff;
								if((_a8 & 0x000000ff) < 0) {
									goto L42;
								} else {
									_v560 = 0;
									_v560 = 0;
									while(1) {
										__eax = _v560;
										__eflags = _v560 -  *0x415934;
										if(_v560 >=  *0x415934) {
											break;
										}
										__ecx = _a7 & 0x000000ff;
										__edx = _v560 * 6;
										__eax =  *(__edx + 0x415983) & 0x000000ff;
										__eflags = (_a7 & 0x000000ff) - ( *(__edx + 0x415983) & 0x000000ff);
										if((_a7 & 0x000000ff) != ( *(__edx + 0x415983) & 0x000000ff)) {
											L38:
											__edx = _v560;
											__edx = _v560 + 1;
											__eflags = __edx;
											_v560 = __edx;
											continue;
										} else {
											__ecx = _a8 & 0x000000ff;
											__edx = _v560 * 6;
											__eax =  *(__edx + 0x415984) & 0x000000ff;
											__eflags = (_a8 & 0x000000ff) - ( *(__edx + 0x415984) & 0x000000ff);
											if((_a8 & 0x000000ff) != ( *(__edx + 0x415984) & 0x000000ff)) {
												goto L38;
											} else {
												__ecx = _v552;
												__eax = E00162F00(_v552, 0);
												__esp = __esp - 0x84;
												__ecx = __esp;
												_v708 = __esp;
												_push(0xffffffff);
												__edx = _v560;
												__eax =  *(0x416580 + _v560 * 4);
												__imp__??0CDuiString@DuiLib@@QAE@PB_WH@Z();
												_v688 =  *(0x416580 + _v560 * 4);
												__ecx = _v552;
												__eax = L001626A0(_v552,  *(0x416580 + _v560 * 4));
											}
										}
										break;
									}
									__ecx = _v560;
									__eflags = __ecx -  *0x415934;
									if(__ecx ==  *0x415934) {
										__ecx = _v552;
										__eax = E00162F00(_v552, 0xffffffff);
										__esp = __esp - 0x84;
										__ecx = __esp;
										_v692 = __esp;
										_push(0xffffffff);
										__imp__??0CDuiString@DuiLib@@QAE@PB_WH@Z();
										_v696 = __eax;
										__ecx = _v552;
										__eax = L001626A0(__ecx, 0x3c4c18);
										_a8 = 0;
										_a7 = 0;
										__edx = _v552;
										__edx = _v552 + 0x8dc;
										__eflags = __edx;
										__eax = _a4;
										 *__edx = _a4;
										 *((short*)(__edx + 4)) = _a8;
									}
								}
							}
							goto L100;
						case 7:
							_v556 = 7;
							_v592 = 0;
							while(1) {
								__ecx = _v592;
								__eflags = __ecx -  *0x415cec;
								if(__ecx >=  *0x415cec) {
									break;
								}
								__edx = _a7 & 0x000000ff;
								__eax = _v592 * 6;
								__ecx =  *(__eax + 0x415cf3) & 0x000000ff;
								__eflags = (_a7 & 0x000000ff) - ( *(__eax + 0x415cf3) & 0x000000ff);
								if((_a7 & 0x000000ff) != ( *(__eax + 0x415cf3) & 0x000000ff)) {
									L80:
									__eax = _v592;
									__eax = _v592 + 1;
									__eflags = __eax;
									_v592 = __eax;
									continue;
								} else {
									__edx = _a8 & 0x000000ff;
									__eax = _v592 * 6;
									__ecx =  *(__eax + 0x415cf4) & 0x000000ff;
									__eflags = (_a8 & 0x000000ff) - ( *(__eax + 0x415cf4) & 0x000000ff);
									if((_a8 & 0x000000ff) != ( *(__eax + 0x415cf4) & 0x000000ff)) {
										goto L80;
									} else {
										__edx = _v592;
										__ecx = _v552;
										__eax = E001627F0(__ecx, _v592);
									}
								}
								break;
							}
							goto L100;
						case 8:
							_v556 = 8;
							_v596 = 0;
							while(1) {
								__ecx = _v596;
								__eflags = __ecx -  *0x415cd4;
								if(__ecx >=  *0x415cd4) {
									break;
								}
								__edx = _a7 & 0x000000ff;
								__eax = _v596 * 6;
								__ecx =  *(__eax + 0x415cdb) & 0x000000ff;
								__eflags = (_a7 & 0x000000ff) - ( *(__eax + 0x415cdb) & 0x000000ff);
								if((_a7 & 0x000000ff) != ( *(__eax + 0x415cdb) & 0x000000ff)) {
									L88:
									__eax = _v596;
									__eax = _v596 + 1;
									__eflags = __eax;
									_v596 = __eax;
									continue;
								} else {
									__edx = _a8 & 0x000000ff;
									__eax = _v596 * 6;
									__ecx =  *(__eax + 0x415cdc) & 0x000000ff;
									__eflags = (_a8 & 0x000000ff) - ( *(__eax + 0x415cdc) & 0x000000ff);
									if((_a8 & 0x000000ff) != ( *(__eax + 0x415cdc) & 0x000000ff)) {
										goto L88;
									} else {
										__edx = _v596;
										__ecx = _v552;
										__eax = E00162850(__ecx, _v596);
									}
								}
								break;
							}
							goto L100;
						case 9:
							_v556 = 9;
							__esi = _a7 & 0x000000ff;
							__ecx = _v552;
							__eax = E00162910(_v552);
							__eflags = (_a7 & 0x000000ff) - __eax;
							if((_a7 & 0x000000ff) > __eax) {
								__ecx = _v552;
								__eax = E001628B0(_v552, 0xffffffff);
								__ecx = _v552;
								__eax = E00162940(_v552, 0xffffffff);
							} else {
								__eax = _a7 & 0x000000ff;
								__ecx = _v552;
								__eax = E001628B0(_v552, _a7 & 0x000000ff);
								__ecx = _a8 & 0x000000ff;
								__ecx = _v552;
								__eax = E00162940(_v552, _a8 & 0x000000ff);
							}
							__ecx = _v552;
							__eax = E001629A0(__ecx, 0);
							goto L100;
						case 0xa:
							_v556 = 9;
							__esi = _a7 & 0x000000ff;
							__ecx = _v552;
							__eax = E00162910(_v552);
							__eflags = (_a7 & 0x000000ff) - __eax;
							if((_a7 & 0x000000ff) > __eax) {
								__ecx = _v552;
								__eax = E001628B0(_v552, 0xffffffff);
								__ecx = _v552;
								__eax = E00162940(_v552, 0xffffffff);
								__ecx = _v552;
								__eax = E001629A0(_v552, 0);
							} else {
								__edx = _a7 & 0x000000ff;
								__ecx = _v552;
								__eax = E001628B0(_v552, _a7 & 0x000000ff);
								__ecx = _v552;
								__eax = E001629A0(_v552, 1);
							}
							__ecx =  &_v548;
							__imp__??0CDuiString@DuiLib@@QAE@XZ();
							_v8 = 3;
							__eax = _a8 & 0x000000ff;
							_push(__eax);
							_push(L"%d");
							__ecx =  &_v548;
							_push( &_v548);
							__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ();
							__esp = __esp + 0xc;
							__esp = __esp - 0x84;
							__ecx = __esp;
							_v712 = __esp;
							__edx =  &_v548;
							__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
							_v716 = __eax;
							__ecx = _v552;
							__eax = L001629E0( &_v548);
							__ecx = _v552;
							__eax = E00162940(_v552, 4);
							_v8 = 0xffffffff;
							__ecx =  &_v548;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
							goto L100;
						case 0xb:
							_v556 = 0xa;
							__eax = _a7 & 0x000000ff;
							__ecx = _v552;
							__eax = E00162AA0(__ecx, _a7 & 0x000000ff);
							goto L100;
						case 0xc:
							_v556 = 0xb;
							goto L100;
						case 0xd:
							goto L100;
					}
				}
				L100:
				_v604 = E00162B60(_v552, _v556);
				if(_v604 == 0xffffffff) {
					E00161F10(_v552, 0);
				} else {
					E00161F10(_v552, 1);
					E00161F50(_v552, _v604);
					E00161FB0(_v552, _v556);
				}
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t344);
			}

Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$ComboEmpty@Item1@SelectV01@@
  • String ID:
  • API String ID: 2784350470-0
  • Opcode ID: 345921bb2c4f09f081fc83082b1f474796eb8c278f3fe07ad90167a9d4308237
  • Instruction ID: 788a256fed72e633fc4d0fb68991be7146fadd6d426d875edb4ea0c1e8b4e298
  • Opcode Fuzzy Hash: 345921bb2c4f09f081fc83082b1f474796eb8c278f3fe07ad90167a9d4308237
  • Instruction Fuzzy Hash: B8E1AF71900268ABCB28EF64DD9DBECB7B5BB88301F0481D9E51DA6290DB345F94CF40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 33%
			E0015AD50(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __fp0) {
				char _v8;
				char _v16;
				signed int _v20;
				void* _v152;
				char _v284;
				char _v416;
				char _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				WCHAR* _v564;
				WCHAR* _v568;
				WCHAR* _v572;
				WCHAR* _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				intOrPtr _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				intOrPtr _v608;
				intOrPtr _v612;
				char _v636;
				signed int _t98;
				signed int _t99;
				intOrPtr _t101;
				void* _t109;
				WCHAR* _t120;
				WCHAR* _t121;
				void* _t125;
				intOrPtr _t126;
				void* _t134;
				intOrPtr _t142;
				void* _t202;
				void* _t203;
				signed int _t204;
				void* _t205;
				void* _t206;
				intOrPtr _t207;
				intOrPtr _t208;
				intOrPtr _t210;
				void* _t215;

				_t215 = __fp0;
				_t203 = __esi;
				_t202 = __edi;
				_t134 = __ebx;
				_push(0xffffffff);
				_push(0x3713c6);
				_push( *[fs:0x0]);
				_t206 = _t205 - 0x26c;
				_t98 =  *0x414f64; // 0x48591883
				_t99 = _t98 ^ _t204;
				_v20 = _t99;
				_push(_t99);
				 *[fs:0x0] =  &_v16;
				_v552 = __ecx;
				_t101 = _v552;
				if( *((intOrPtr*)(_t101 + 0xab8)) == 0) {
					__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v552, L"device_profile_combo");
					 *((intOrPtr*)(_v552 + 0xab8)) = _t101;
				}
				if( *((intOrPtr*)(_v552 + 0xab8)) != 0) {
					_v556 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v552 + 0xab8)) + 0x840)) + 8))))();
					__eflags = _v556 - 0xffffffff;
					if(_v556 != 0xffffffff) {
						_t109 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v552 + 0xab8)) + 0x6f0)) + 0xc))))();
						__eflags = _t109 - 1;
						if(_t109 > 1) {
							_v560 = 0xffffffff;
							__eflags = _v556;
							if(__eflags != 0) {
								_t142 = _v556 - 1;
								__eflags = _t142;
								_v560 = _t142;
							} else {
								_v560 = 0;
							}
							__imp__??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z(L"ProfileList.ini");
							_v8 = 0;
							_t207 = _t206 - 0x18;
							_v584 = _t207;
							_v588 = E0019E920(_t134, _v552 + 0xa98, _t202, _t203, __eflags, _t207,  &_v284);
							E00207520(_v552 + 0xa80,  &_v284);
							E00206EC0();
							_v8 = 1;
							E00208860(E00208830(_v552 + 0xa80, "profilelist"),  &_v636, _v556,  &_v636);
							__imp__??0CDuiString@DuiLib@@QAE@XZ();
							_v8 = 2;
							_t208 = _t207 - 0x18;
							_v592 = _t208;
							_v596 = L00207760(_t134, E00208830( &_v636, "profileUUID"), _t202, _t203, _t215, _t208);
							_v564 = E00198100(__eflags,  &_v548, 0);
							_t120 = _v564;
							_v568 = _t120;
							_v8 = 3;
							__imp__??HCDuiString@DuiLib@@QBE?AV01@ABV01@@Z( &_v416, _v568);
							_v572 = _t120;
							_t121 = _v572;
							_v576 = _t121;
							_v8 = 4;
							__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z();
							_v8 = 3;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
							_v8 = 2;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
							__imp__??BCDuiString@DuiLib@@QBEPB_WXZ();
							DeleteFileW(_t121);
							_t210 = _t208 + 0x1c - 0x18;
							_v600 = _t210;
							_v580 = E00206FB0(_t210, _v560, _v560);
							_v604 = _v580;
							_v8 = 5;
							_t125 = E00208830(_v552 + 0xa80, "profileselect");
							_v8 = 2;
							_t126 = E00207520(_t125, _v576);
							_v608 = _t210 - 0x84;
							__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z( &_v284, _v552 + 0xa80);
							_v612 = _t126;
							L0019E820(_t134, _v552 + 0xa98, _t202, _t203, __eflags);
							__eflags =  *((intOrPtr*)(_v552 + 0xab8)) + 0x6f0;
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v552 + 0xab8)) + 0x6f0)) + 0x1c))))(_v556);
							_v8 = 1;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
							_v8 = 0;
							E002073E0( &_v636);
							_v8 = 0xffffffff;
							__imp__??1CDuiString@DuiLib@@QAE@XZ();
						}
					}
				}
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t204);
			}

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_profile_combo), ref: 0015ADA5
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Control$FindI@2@Lib@@ManagerName@PaintV32@
  • String ID: ProfileList.ini$device_profile_combo$profileUUID$profilelist$profileselect
  • API String ID: 1102601444-2237385920
  • Opcode ID: 7336b462288aa838aa1453468b390695e05dbf3e294bfd9321103fc956bd592a
  • Instruction ID: 31180fb94b21df3c7c2a503fd152fc99eb55776d6ab20418ff8a09759eefac74
  • Opcode Fuzzy Hash: 7336b462288aa838aa1453468b390695e05dbf3e294bfd9321103fc956bd592a
  • Instruction Fuzzy Hash: A7A14C30A00219DFDB54EB68DD99BEDB7B5EF49304F1442E9D40AA7292DB346E84CF41
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(click,000000FF,48591883), ref: 001533C1
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D8344,000000FF), ref: 001533DA
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(itemselect,000000FF), ref: 0015343B
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D8360,000000FF), ref: 00153451
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(selectchanged,000000FF), ref: 001534B0
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D8380,000000FF), ref: 001534C6
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(windowinit,000000FF), ref: 00153525
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D839C,000000FF), ref: 0015353B
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(valuechanged,000000FF), ref: 00153599
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D83BC,000000FF), ref: 001535AF
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D83C0,000000FF), ref: 0015360E
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D83C4,000000FF), ref: 00153624
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: click$itemselect$selectchanged$valuechanged$windowinit
  • API String ID: 2284767783-1599838986
  • Opcode ID: 146f7bae80e87d07028e4c02407a6d99a8d4277057da135a89cd5b11b4a64112
  • Instruction ID: ac5743b6fe6dc49b4a743f037cbfab442f4baa404c5b6c3c44646af513a5ee22
  • Opcode Fuzzy Hash: 146f7bae80e87d07028e4c02407a6d99a8d4277057da135a89cd5b11b4a64112
  • Instruction Fuzzy Hash: 8F8136B4A06349DFCB10CF98E85879DBBB0BB48324F60826EE425673E4CB781945CF54
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 53%
			E0015CF20(intOrPtr __ecx, signed int _a4) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _t437;
				intOrPtr _t438;
				intOrPtr _t439;
				intOrPtr _t440;
				intOrPtr _t441;
				intOrPtr _t442;
				intOrPtr _t443;
				intOrPtr _t444;

				_v8 = __ecx;
				_t437 = _v8;
				if( *((intOrPtr*)(_t437 + 0xae0)) == 0) {
					__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"cursor_Op_tab");
					 *((intOrPtr*)(_v8 + 0xae0)) = _t437;
				}
				if( *((intOrPtr*)(_v8 + 0xae0)) != 0) {
					_t438 = _v8;
					if( *((intOrPtr*)(_t438 + 0xad8)) == 0) {
						__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"macro_Op_tab");
						 *((intOrPtr*)(_v8 + 0xad8)) = _t438;
					}
					if( *((intOrPtr*)(_v8 + 0xad8)) != 0) {
						_t439 = _v8;
						if( *((intOrPtr*)(_t439 + 0xadc)) == 0) {
							__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"system_Op_tab");
							 *((intOrPtr*)(_v8 + 0xadc)) = _t439;
						}
						if( *((intOrPtr*)(_v8 + 0xadc)) != 0) {
							_t440 = _v8;
							if( *((intOrPtr*)(_t440 + 0xad4)) == 0) {
								__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"key_Op_tab");
								 *((intOrPtr*)(_v8 + 0xad4)) = _t440;
							}
							if( *((intOrPtr*)(_v8 + 0xad4)) != 0) {
								_t441 = _v8;
								if( *((intOrPtr*)(_t441 + 0xad0)) == 0) {
									__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_Op_tab");
									 *((intOrPtr*)(_v8 + 0xad0)) = _t441;
								}
								if( *((intOrPtr*)(_v8 + 0xad0)) != 0) {
									_t442 = _v8;
									if( *((intOrPtr*)(_t442 + 0xae4)) == 0) {
										__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"6533_voice_Op_tab");
										 *((intOrPtr*)(_v8 + 0xae4)) = _t442;
									}
									if( *((intOrPtr*)(_v8 + 0xae4)) != 0) {
										_t443 = _v8;
										if( *((intOrPtr*)(_t443 + 0xae8)) == 0) {
											__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"magic_Op_tab");
											 *((intOrPtr*)(_v8 + 0xae8)) = _t443;
										}
										if( *((intOrPtr*)(_v8 + 0xae8)) != 0) {
											_t444 = _v8;
											if( *((intOrPtr*)(_t444 + 0xaec)) == 0) {
												__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"Virtual7.1_Op_tab");
												 *((intOrPtr*)(_v8 + 0xaec)) = _t444;
											}
											if( *((intOrPtr*)(_v8 + 0xaec)) != 0) {
												_v12 = _a4;
												_v12 = _v12 - 1;
												if(_v12 > 7) {
													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xad0)))) + 0x1c0))))(0, 0);
													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xad4)))) + 0x1c0))))(0, 0);
													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xad8)))) + 0x1c0))))(0, 0);
													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xadc)))) + 0x1c0))))(0, 0);
													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xae0)))) + 0x1c0))))(0, 0);
													 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xae4)))) + 0x1c0))))(0, 0);
													return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xae8)))) + 0x1c0))))(0, 0);
												}
												switch( *((intOrPtr*)(_v12 * 4 +  &M0015DA34))) {
													case 0:
														_push(0);
														_push(1);
														 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xad0)))) + 0x1c0))))();
														_push(0);
														_push(0);
														 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xad4)))) + 0x1c0))))();
														_push(0);
														_push(0);
														 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xad8)))) + 0x1c0))))();
														_push(0);
														_push(0);
														 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xadc)))) + 0x1c0))))();
														_push(0);
														_push(0);
														 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xae0)))) + 0x1c0))))();
														_push(0);
														_push(0);
														 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xae4)))) + 0x1c0))))();
														_push(0);
														_push(0);
														 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xae8)))) + 0x1c0))))();
														_push(0);
														_push(0);
														return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xaec)))) + 0x1c0))))();
													case 1:
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(1);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xadc))));
														__ecx =  *((intOrPtr*)(_v8 + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xaec));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xaec))));
														__ecx =  *((intOrPtr*)(_v8 + 0xaec));
														return __eax;
													case 2:
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(1);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xadc))));
														__ecx =  *((intOrPtr*)(_v8 + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xaec));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xaec))));
														__ecx =  *((intOrPtr*)(_v8 + 0xaec));
														return __eax;
													case 3:
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(1);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xadc))));
														__ecx =  *((intOrPtr*)(_v8 + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xaec));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xaec))));
														__ecx =  *((intOrPtr*)(_v8 + 0xaec));
														return __eax;
													case 4:
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xadc))));
														__ecx =  *((intOrPtr*)(_v8 + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(1);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xaec));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xaec))));
														__ecx =  *((intOrPtr*)(_v8 + 0xaec));
														return __eax;
													case 5:
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xadc))));
														__ecx =  *((intOrPtr*)(_v8 + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(1);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xaec));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xaec))));
														__ecx =  *((intOrPtr*)(_v8 + 0xaec));
														return __eax;
													case 6:
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xadc))));
														__ecx =  *((intOrPtr*)(_v8 + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(1);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xaec));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xaec))));
														__ecx =  *((intOrPtr*)(_v8 + 0xaec));
														return __eax;
													case 7:
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xad8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xad8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xadc))));
														__ecx =  *((intOrPtr*)(_v8 + 0xadc));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae0))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae0));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae4))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae4));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(0);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xae8))));
														__ecx =  *((intOrPtr*)(_v8 + 0xae8));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0x1c0))))();
														_push(0);
														_push(1);
														__eax = _v8;
														__ecx =  *((intOrPtr*)(__eax + 0xaec));
														__eax =  *((intOrPtr*)( *((intOrPtr*)(__eax + 0xaec))));
														__ecx =  *((intOrPtr*)(_v8 + 0xaec));
														return __eax;
												}
											} else {
												return _t444;
											}
										} else {
											return _t443;
										}
									} else {
										return _t442;
									}
								} else {
									return _t441;
								}
							} else {
								return _t440;
							}
						} else {
							return _t439;
						}
					} else {
						return _t438;
					}
				} else {
					return _t437;
				}
			}


APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,cursor_Op_tab), ref: 0015CF44
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,macro_Op_tab), ref: 0015CF7F
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,system_Op_tab), ref: 0015CFBA
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,key_Op_tab), ref: 0015CFF5
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_Op_tab), ref: 0015D030
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,6533_voice_Op_tab), ref: 0015D06B
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,magic_Op_tab), ref: 0015D0A6
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,Virtual7.1_Op_tab), ref: 0015D0E1
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Control$FindI@2@Lib@@ManagerName@PaintV32@
  • String ID: 6533_voice_Op_tab$Virtual7.1_Op_tab$cursor_Op_tab$deng_Op_tab$key_Op_tab$macro_Op_tab$magic_Op_tab$system_Op_tab
  • API String ID: 1102601444-586036772
  • Opcode ID: 399f65ecf59b313a7a540ca7090e8b6880f0f312f74c7ce4b83bf6dc58a2b8f9
  • Instruction ID: d1b187885454ea98293fb055cc271502efd9a054db1ee309a914482a3595614c
  • Opcode Fuzzy Hash: 399f65ecf59b313a7a540ca7090e8b6880f0f312f74c7ce4b83bf6dc58a2b8f9
  • Instruction Fuzzy Hash: E5327438740204EFD704DB54C995FAAB3B2FB89700F2542E9E9066FBA5C771AE41DB81
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 50%
			E00156840(signed int __ecx, signed char _a4) {
				signed char _v5;
				signed int _v12;
				signed char _t115;
				signed char _t116;
				signed int _t123;
				intOrPtr _t125;
				signed int _t126;
				signed int _t130;
				signed char _t133;
				signed char _t135;
				void* _t148;
				signed int _t151;
				signed char _t154;

				_v12 = __ecx;
				if(( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x128))))() & 0x000000ff) != 0 ||  *_a4 <= 8 ||  *_a4 >= 0x16) {
					if( *_a4 != 0x13) {
						if( *_a4 != 3 || ( *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x120))))() & 0x000000ff) == 0 || ( *(_a4 + 0x14) & 0x0000ffff) != 0xd) {
							if( *_a4 != 0xd) {
								_t115 = _a4;
								if( *_t115 != 0xe) {
									if( *_a4 != 9) {
										if( *_a4 != 0xb) {
											if( *_a4 != 0xa) {
												if( *_a4 != 0x1b) {
													_t116 = _a4;
													if( *_t116 != 0x14) {
														L43:
														if( *((intOrPtr*)(_v12 + 0x878)) == 0) {
															__imp__?DoEvent@CControlUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z(_a4);
															return _t116;
														}
														return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x878)))) + 0x18))))(_a4);
													}
													_t116 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0xfc))))();
													if((_t116 & 0x000000ff) == 0) {
														goto L43;
													}
													_t123 = _v12;
													__imp__?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z(_t123, L"menu",  *((intOrPtr*)(_a4 + 0x18)),  *((intOrPtr*)(_a4 + 0x1c)), 0);
													return _t123;
												}
												_t125 =  *((intOrPtr*)(_a4 + 0x18));
												__imp__?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z(_v12, L"timer", _t125,  *((intOrPtr*)(_a4 + 0x1c)), 0);
												return _t125;
											}
											_t126 = _v12;
											if(( *(_t126 + 0x874) & 0x00000008) != 0) {
												_t126 =  *(_v12 + 0x874) & 0xfffffff7;
												 *(_v12 + 0x874) = _t126;
												__imp__?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ();
											}
											return _t126;
										}
										_t130 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x120))))();
										if((_t130 & 0x000000ff) != 0) {
											_t130 =  *(_v12 + 0x874) | 0x00000008;
											 *(_v12 + 0x874) = _t130;
											__imp__?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ();
										}
										return _t130;
									}
									return _t115;
								}
								_t133 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x120))))();
								if((_t133 & 0x000000ff) != 0) {
									_t133 = _v12;
									__imp__?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z(_v12, L"itemclick", 0, 0, 0);
								}
								return _t133;
							}
							_t135 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x120))))();
							if((_t135 & 0x000000ff) != 0) {
								if((GetKeyState(0x11) & 0x00008000) == 0) {
									_t135 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x868)) + 0x14))))(1);
								} else {
									if(( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x868)) + 0x10))))() & 0x000000ff) != 0) {
										_v5 = 0;
									} else {
										_v5 = 1;
									}
									_t135 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x868)) + 0x18))))(_v5 & 0x000000ff);
								}
							}
							return _t135;
						} else {
							_t148 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x18))))();
							__imp__?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ();
							__imp__?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z(_v12, L"return", 0, 0, 0);
							return _t148;
						}
					}
					_t151 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x120))))() & 0x000000ff;
					if(_t151 != 0) {
						_t151 =  *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x18))))();
						__imp__?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ();
					}
					return _t151;
				} else {
					if( *((intOrPtr*)(_v12 + 0x878)) == 0) {
						_t154 = _a4;
						__imp__?DoEvent@CContainerUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z(_t154);
					} else {
						_t154 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x878)))) + 0x18))))(_a4);
					}
					return _t154;
				}
			}

















APIs
  • ?DoEvent@CContainerUI@DuiLib@@UAEXAAUtagTEventUI@2@@Z.DUILIB(?), ref: 001568A2
  • ?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ.DUILIB ref: 001568DC
  • ?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ.DUILIB ref: 00156922
  • ?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z.DUILIB(?,return,00000000,00000000,00000000), ref: 0015693D
  • GetKeyState.USER32(00000011), ref: 0015696D
  • ?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z.DUILIB(?,itemclick,00000000,00000000,00000000), ref: 00156A16
  • ?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ.DUILIB ref: 00156A65
  • ?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ.DUILIB ref: 00156A9E
  • ?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z.DUILIB(?,timer,?,?,00000000), ref: 00156AD0
  • ?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z.DUILIB(?,menu,?,?,00000000), ref: 00156B16
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$Container$ControlElementI@2@Invalidate@ListManagerNotify@PaintSend$EventEvent@I@2@@StateUtag
  • String ID: itemclick$menu$return$timer
  • API String ID: 4094319505-4118077888
  • Opcode ID: f90bac154fdcf799389f840145116ce0dbcef04b0b8abcf3c7dbf4b9bcf6a267
  • Instruction ID: 83a0c8d1cc55c62c9169b0ce47f66a179ae2d22eb51d77d4235a68987c6e7c5a
  • Opcode Fuzzy Hash: f90bac154fdcf799389f840145116ce0dbcef04b0b8abcf3c7dbf4b9bcf6a267
  • Instruction Fuzzy Hash: 66B1DC34600205EFCB09CF54C994AADBBB1FF89311F5581A8E9569F3A5DB31ED85CB80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(click,000000FF,48591883), ref: 00152EB1
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D417C,000000FF), ref: 00152ECA
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(selectchanged,000000FF), ref: 00152F2B
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D419C,000000FF), ref: 00152F41
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(itemclick,000000FF), ref: 00152FA0
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D41B4,000000FF), ref: 00152FB6
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D41B8,000000FF), ref: 00153015
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D41BC,000000FF), ref: 0015302B
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: zB$@{B$`|B$click$itemclick$selectchanged$|B
  • API String ID: 2284767783-1189294749
  • Opcode ID: 08489a5b07671b7d22f082db49950a4bd08be5b5c4623e5b2b7512ac76f6cde3
  • Instruction ID: d883148dd20151a8dc0d7802ce4e348952ee3f3591a186896cc4e2e187ca719b
  • Opcode Fuzzy Hash: 08489a5b07671b7d22f082db49950a4bd08be5b5c4623e5b2b7512ac76f6cde3
  • Instruction Fuzzy Hash: 5C5138B0A09309DBDB11CF94ED59B9DBBB0FB49324F6042AAE420673E0C77919458F58
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 65%
			E00165B40(intOrPtr* __ecx, signed int _a4) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				intOrPtr* _v20;
				intOrPtr* _v24;
				intOrPtr* _v28;
				intOrPtr* _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr* _t249;
				intOrPtr* _t250;
				intOrPtr* _t251;
				intOrPtr* _t252;
				intOrPtr* _t253;

				_v8 = __ecx;
				_t249 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t249, L"deng_7color_check");
				_v16 = _t249;
				_t250 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"lighteffect_layout");
				_v12 = _t250;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_color_layout");
				_v20 = _t250;
				_t251 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t251, L"colorpallet_layout");
				_v24 = _t251;
				_t252 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_light_layout");
				_v28 = _t252;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_speed_layout");
				_v32 = _t252;
				_t253 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t253, L"deng_fx_layout");
				_v36 = _t253;
				E00164A90(_v8, 0);
				 *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x124))))(1);
				_v40 = _a4;
				if(_v40 > 9) {
					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x124))))(1);
					 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))(0);
					return  *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x124))))(0);
				}
				switch( *((intOrPtr*)(_v40 * 4 +  &M00166154))) {
					case 0:
						_push(1);
						_t42 =  *_v12 + 0x124; // 0x907415ff
						 *((intOrPtr*)( *_t42))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))();
						_push(1);
						return  *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))();
					case 1:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 2:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 3:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 4:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 5:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 6:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 7:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 8:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						__eax = E00164A90(_v8, 1);
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
				}
			}


















APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_7color_check,?,?,?,?,?,?,?,00164B54,?), ref: 00165B58
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,lighteffect_layout,?,?,?,?,?,?,?,00164B54,?), ref: 00165B70
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_color_layout,?,?,?,?,?,?,?,00164B54,?), ref: 00165B88
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,colorpallet_layout,?,?,?,?,?,?,?,00164B54,?), ref: 00165BA0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_light_layout,?,?,?,?,?,?,?,00164B54,?), ref: 00165BB8
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_speed_layout,?,?,?,?,?,?,?,00164B54,?), ref: 00165BD0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_fx_layout,?,?,?,?,?,?,?,00164B54,?), ref: 00165BE8
    • Part of subcall function 00164A90: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(00164D75,deng_same_mode), ref: 00164AB4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Control$FindI@2@Lib@@ManagerName@PaintV32@
  • String ID: colorpallet_layout$deng_7color_check$deng_color_layout$deng_fx_layout$deng_light_layout$deng_speed_layout$lighteffect_layout
  • API String ID: 1102601444-47423341
  • Opcode ID: 393cb59c300a99c2c022fe1091aa7997099d3797cfb6fa8c8f9df9e8863e57f9
  • Instruction ID: a40eb45941db951034a1aea5d3dffbbccc30570073bde816a1ebf0b074a2cefd
  • Opcode Fuzzy Hash: 393cb59c300a99c2c022fe1091aa7997099d3797cfb6fa8c8f9df9e8863e57f9
  • Instruction Fuzzy Hash: 88225478B40105DFDB08DB94C991EFEB3B2FF89704F2442A8D9566B3A1CA726D51CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 64%
			E00166180(intOrPtr* __ecx, signed int _a4) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				intOrPtr* _v20;
				intOrPtr* _v24;
				intOrPtr* _v28;
				intOrPtr* _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr* _t189;
				intOrPtr* _t190;
				intOrPtr* _t191;
				intOrPtr* _t192;
				intOrPtr* _t193;

				_v8 = __ecx;
				_t189 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t189, L"deng_7color_check");
				_v16 = _t189;
				_t190 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"lighteffect_layout");
				_v12 = _t190;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_color_layout");
				_v20 = _t190;
				_t191 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t191, L"colorpallet_layout");
				_v24 = _t191;
				_t192 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_light_layout");
				_v28 = _t192;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_speed_layout");
				_v32 = _t192;
				_t193 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t193, L"deng_fx_layout");
				_v36 = _t193;
				E00164A90(_v8, 0);
				 *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x124))))(1);
				_v40 = _a4;
				if(_v40 > 8) {
					L8:
					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x124))))(1);
					 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))(0);
					return  *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x124))))(0);
				}
				switch( *((intOrPtr*)(_v40 * 4 +  &M0016661C))) {
					case 0:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 1:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 2:
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))();
						_push(0);
						 *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x124))))();
						return E00164A90(_v8, 1);
					case 3:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 4:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 5:
						goto L8;
					case 6:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						__eax = E00164A90(_v8, 1);
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
				}
			}


















APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_7color_check,?,?,?,?,?,?,00164B70,?,?), ref: 00166198
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,lighteffect_layout,?,?,?,?,?,?,00164B70,?,?), ref: 001661B0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_color_layout,?,?,?,?,?,?,00164B70,?,?), ref: 001661C8
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,colorpallet_layout,?,?,?,?,?,?,00164B70,?,?), ref: 001661E0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_light_layout,?,?,?,?,?,?,00164B70,?,?), ref: 001661F8
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_speed_layout,?,?,?,?,?,?,00164B70,?,?), ref: 00166210
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_fx_layout,?,?,?,?,?,?,00164B70,?,?), ref: 00166228
    • Part of subcall function 00164A90: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(00164D75,deng_same_mode), ref: 00164AB4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Control$FindI@2@Lib@@ManagerName@PaintV32@
  • String ID: colorpallet_layout$deng_7color_check$deng_color_layout$deng_fx_layout$deng_light_layout$deng_speed_layout$lighteffect_layout
  • API String ID: 1102601444-47423341
  • Opcode ID: 5a24f3815ff6828481aeb40ecd80f898a6adc1ca951f23d35db79521e79844b2
  • Instruction ID: d5233b720b9b88d33649ce07c050e83839ead097a1abd7a91fecc516fd68b81c
  • Opcode Fuzzy Hash: 5a24f3815ff6828481aeb40ecd80f898a6adc1ca951f23d35db79521e79844b2
  • Instruction Fuzzy Hash: DD025578B40105DFD708DB94C991EFDB3B2FF89704F2442A8D9566B3A1CA726D51CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 64%
			E00166640(intOrPtr* __ecx, signed int _a4) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				intOrPtr* _v20;
				intOrPtr* _v24;
				intOrPtr* _v28;
				intOrPtr* _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr* _t189;
				intOrPtr* _t190;
				intOrPtr* _t191;
				intOrPtr* _t192;
				intOrPtr* _t193;

				_v8 = __ecx;
				_t189 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t189, L"deng_7color_check");
				_v16 = _t189;
				_t190 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"lighteffect_layout");
				_v12 = _t190;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_color_layout");
				_v20 = _t190;
				_t191 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t191, L"colorpallet_layout");
				_v24 = _t191;
				_t192 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_light_layout");
				_v28 = _t192;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_speed_layout");
				_v32 = _t192;
				_t193 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t193, L"deng_fx_layout");
				_v36 = _t193;
				E00164A90(_v8, 0);
				 *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x124))))(1);
				_v40 = _a4;
				if(_v40 > 8) {
					L8:
					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x124))))(1);
					 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))(0);
					return  *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x124))))(0);
				}
				switch( *((intOrPtr*)(_v40 * 4 +  &M00166ADC))) {
					case 0:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 1:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 2:
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))();
						_push(0);
						 *((intOrPtr*)( *((intOrPtr*)( *_v36 + 0x124))))();
						return E00164A90(_v8, 1);
					case 3:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 4:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						return E00164A90(_v8, 1);
					case 5:
						goto L8;
					case 6:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						__ecx = _v8;
						__eax = E00164A90(_v8, 1);
						_push(0);
						__ecx = _v36;
						__edx =  *_v36;
						__ecx = _v36;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
				}
			}


















APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_7color_check,?,?,?,?,?,00164B7E,?,?,?), ref: 00166658
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,lighteffect_layout,?,?,?,?,?,00164B7E,?,?,?), ref: 00166670
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_color_layout,?,?,?,?,?,00164B7E,?,?,?), ref: 00166688
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,colorpallet_layout,?,?,?,?,?,00164B7E,?,?,?), ref: 001666A0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_light_layout,?,?,?,?,?,00164B7E,?,?,?), ref: 001666B8
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_speed_layout,?,?,?,?,?,00164B7E,?,?,?), ref: 001666D0
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_fx_layout,?,?,?,?,?,00164B7E,?,?,?), ref: 001666E8
    • Part of subcall function 00164A90: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(00164D75,deng_same_mode), ref: 00164AB4
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Control$FindI@2@Lib@@ManagerName@PaintV32@
  • String ID: colorpallet_layout$deng_7color_check$deng_color_layout$deng_fx_layout$deng_light_layout$deng_speed_layout$lighteffect_layout
  • API String ID: 1102601444-47423341
  • Opcode ID: 28bb8629f169cde0972d7912de90333543ab97f3634a8c169ac67a3b898c60eb
  • Instruction ID: 5fca122b456753eae90485a988cea18474c74566ce3e44fcff74455697f907b3
  • Opcode Fuzzy Hash: 28bb8629f169cde0972d7912de90333543ab97f3634a8c169ac67a3b898c60eb
  • Instruction Fuzzy Hash: 3F025579B40105DFD708DB94C992EFDB3B2FF88704F2442A8D9566B3A1CA726D51CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 59%
			E00166B00(intOrPtr* __ecx, signed int _a4) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				intOrPtr* _v16;
				intOrPtr* _v20;
				intOrPtr* _v24;
				intOrPtr* _v28;
				intOrPtr* _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr* _t162;
				intOrPtr* _t163;
				intOrPtr* _t164;
				intOrPtr* _t165;
				intOrPtr _t166;

				_v8 = __ecx;
				_t162 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t162, L"deng_7color_check");
				_v16 = _t162;
				_t163 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"lighteffect_layout");
				_v12 = _t163;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_color_layout");
				_v20 = _t163;
				_t164 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t164, L"colorpallet_layout");
				_v24 = _t164;
				_t165 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_light_layout");
				_v28 = _t165;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_speed_layout");
				_v32 = _t165;
				_t166 = _v8;
				__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_t166, L"deng_fx_layout");
				_v40 = _t166;
				_v36 = _a4;
				if(_v36 > 5) {
					 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x124))))(1);
					 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))(0);
					 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))(0);
					return  *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))(0);
				}
				switch( *((intOrPtr*)(_v36 * 4 +  &M00166EE0))) {
					case 0:
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v12 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v20 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v24 + 0x124))))();
						_push(1);
						 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 0x124))))();
						_push(1);
						return  *((intOrPtr*)( *((intOrPtr*)( *_v32 + 0x124))))();
					case 1:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 2:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 3:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 4:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(1);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
					case 5:
						_push(1);
						__ecx = _v12;
						__edx =  *_v12;
						__ecx = _v12;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v16;
						__edx =  *_v16;
						__ecx = _v16;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v20;
						__edx =  *_v20;
						__ecx = _v20;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v24;
						__edx =  *_v24;
						__ecx = _v24;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v28;
						__edx =  *_v28;
						__ecx = _v28;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						_push(0);
						__ecx = _v32;
						__edx =  *_v32;
						__ecx = _v32;
						 *((intOrPtr*)(__edx + 0x124)) =  *((intOrPtr*)( *((intOrPtr*)(__edx + 0x124))))();
						return  *((intOrPtr*)(__edx + 0x124));
				}
			}


















APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_7color_check,?,?,?,?,00164B9A,?,?,?,?), ref: 00166B18
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,lighteffect_layout,?,?,?,?,00164B9A,?,?,?,?), ref: 00166B30
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_color_layout,?,?,?,?,00164B9A,?,?,?,?), ref: 00166B48
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,colorpallet_layout,?,?,?,?,00164B9A,?,?,?,?), ref: 00166B60
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_light_layout,?,?,?,?,00164B9A,?,?,?,?), ref: 00166B78
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_speed_layout,?,?,?,?,00164B9A,?,?,?,?), ref: 00166B90
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_fx_layout,?,?,?,?,00164B9A,?,?,?,?), ref: 00166BA8
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Control$FindI@2@Lib@@ManagerName@PaintV32@
  • String ID: colorpallet_layout$deng_7color_check$deng_color_layout$deng_fx_layout$deng_light_layout$deng_speed_layout$lighteffect_layout
  • API String ID: 1102601444-47423341
  • Opcode ID: 37e75742a0af212b03212d138f6098a18ca2b3a9e3bd737b5058c278e4075661
  • Instruction ID: d3fde36b89e7da0dfcdccf91d9ffab9cc2502cede137224476d2b01f373c6b1e
  • Opcode Fuzzy Hash: 37e75742a0af212b03212d138f6098a18ca2b3a9e3bd737b5058c278e4075661
  • Instruction Fuzzy Hash: DAE17579B40105DFD708DB94C991EFEB7B2FF88704F2442A8D9526B3A1CA726E51CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(click,000000FF,48591883), ref: 00154361
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003DAF28,000000FF), ref: 0015437A
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(itemselect,000000FF), ref: 001543DB
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003DAF44,000000FF), ref: 001543F1
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(selectchanged,000000FF), ref: 00154450
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003DAF64,000000FF), ref: 00154466
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(windowinit,000000FF), ref: 001544C5
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003DAF80,000000FF), ref: 001544DB
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003DAF84,000000FF), ref: 00154539
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003DAF88,000000FF), ref: 0015454F
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: click$itemselect$selectchanged$windowinit
  • API String ID: 2284767783-257901190
  • Opcode ID: e88468822eed86fba8d9fcc3713a885b2fad0fc0e62f42688a5080739dd82412
  • Instruction ID: 0bde7ad251a7e6c5b7b15fe6c4e9798aa19b729eed38b01c47291a357965ba80
  • Opcode Fuzzy Hash: e88468822eed86fba8d9fcc3713a885b2fad0fc0e62f42688a5080739dd82412
  • Instruction Fuzzy Hash: 366127B0A05349DBCB15CF98E94879DBBB1FB48324F60826AE825673E0C7781945CF59
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(click,000000FF,48591883), ref: 00151331
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003C3170,000000FF), ref: 0015134A
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(itemselect,000000FF), ref: 001513AB
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003C318C,000000FF), ref: 001513C1
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(selectchanged,000000FF), ref: 00151420
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003C31AC,000000FF), ref: 00151436
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003C31B0,000000FF), ref: 00151495
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003C31B4,000000FF), ref: 001514AB
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: <wB$\xB$click$itemselect$selectchanged$|yB
  • API String ID: 2284767783-4288555516
  • Opcode ID: 23f5532767a7ebc459336c95147b48c9d9b8b2a8db159d7cbd8fd4a6d8026ff9
  • Instruction ID: bbbb27aa881a8a414db5f2bb07c56a094ce6e8096f641a748fb53784ec268d88
  • Opcode Fuzzy Hash: 23f5532767a7ebc459336c95147b48c9d9b8b2a8db159d7cbd8fd4a6d8026ff9
  • Instruction Fuzzy Hash: 1D51E4B0A097059FCB15DF98EC49B9DBBB1FB49324F64826AE421A73E0C7741A05CB54
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 37%
			E00155B00(intOrPtr __ecx, struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				int _v8;
				intOrPtr _v12;
				int _v16;
				int _v20;
				struct HWND__* _v24;
				struct HWND__* _t39;
				struct HWND__* _t41;
				int _t42;

				_v12 = __ecx;
				if(_a8 == 0xf060) {
					PostQuitMessage(0);
					 *_a16 = 1;
					return 0;
				}
				__imp__??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ();
				_v20 = IsZoomed(_t39);
				_t41 = _a4;
				__imp__?HandleMessage@CWindowWnd@DuiLib@@MAEJIIJ@Z(_t41, _a8, _a12);
				_v24 = _t41;
				__imp__??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ();
				_t42 = IsZoomed(_t41);
				if(_t42 != _v20) {
					if(_v20 != 0) {
						__imp__?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z(L"maxbtn");
						_v16 = _t42;
						if(_v16 != 0) {
							_t42 =  *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x118))))(1);
						}
						__imp__?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z(L"restorebtn");
						_v16 = _t42;
						if(_v16 != 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_v16 + 0x118))))(0);
						}
					} else {
						__imp__?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z(L"maxbtn");
						_v8 = _t42;
						if(_v8 != 0) {
							_t42 =  *((intOrPtr*)( *((intOrPtr*)( *_v8 + 0x118))))(0);
						}
						__imp__?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z(L"restorebtn");
						_v8 = _t42;
						if(_v8 != 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *_v8 + 0x118))))(1);
						}
					}
				}
				return _v24;
			}












APIs
  • PostQuitMessage.USER32(00000000), ref: 00155B14
  • ??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ.DUILIB ref: 00155B2D
  • IsZoomed.USER32(00000000), ref: 00155B34
  • ?HandleMessage@CWindowWnd@DuiLib@@MAEJIIJ@Z.DUILIB(?,0000F060,?), ref: 00155B4C
  • ??BCWindowWnd@DuiLib@@QBEPAUHWND__@@XZ.DUILIB ref: 00155B58
  • IsZoomed.USER32(00000000), ref: 00155B5F
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(maxbtn), ref: 00155B7F
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(restorebtn), ref: 00155BAB
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$WindowWnd@$ControlControl@D__@@FindI@2@ManagerPaintZoomed$HandleMessageMessage@PostQuit
  • String ID: maxbtn$maxbtn$restorebtn$restorebtn
  • API String ID: 2770486332-940712322
  • Opcode ID: 12859cd64694190a77547edfb919d32c7bc685d72238723a37ac6dbcf4eff56c
  • Instruction ID: dad646092557c4d6d6decda06cdb02dc1c6a7f9ab78058cda3dc6d9ff15b5efe
  • Opcode Fuzzy Hash: 12859cd64694190a77547edfb919d32c7bc685d72238723a37ac6dbcf4eff56c
  • Instruction Fuzzy Hash: 46410E74A00209EFCB09DFA4C999BADB7B6FF48305F148599E916AB390CB716E40CF50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CHorizontalLayoutUI@DuiLib@@QAE@XZ.DUILIB(48591883,00000000,00000000,00370F74,000000FF,?,00156D2A), ref: 00156D89
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156E2A
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156E3D
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156E50
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156E63
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156E76
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_synchro_selected.png), ref: 00156EA5
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_synchro_normal.png), ref: 00156EB9
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_selected.png), ref: 00156ECD
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(common/device_ico/unknow_device_normal.png), ref: 00156EE1
Strings
  • common/device_ico/unknow_device_synchro_normal.png, xrefs: 00156EAB
  • common/device_ico/unknow_device_synchro_selected.png, xrefs: 00156E97
  • common/device_ico/unknow_device_normal.png, xrefs: 00156ED3
  • common/device_ico/unknow_device_selected.png, xrefs: 00156EBF
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$V01@$HorizontalLayout
  • String ID: common/device_ico/unknow_device_normal.png$common/device_ico/unknow_device_selected.png$common/device_ico/unknow_device_synchro_normal.png$common/device_ico/unknow_device_synchro_selected.png
  • API String ID: 3634294190-1598161897
  • Opcode ID: df24fb6842cd9bac2a80067781bdb4b4e73af75dab3f7237f2e1c15d66aa200f
  • Instruction ID: 21de488e4c525bc1ee64299cdd47e41e47a0eb65e6bb10a2e1fe5944ab8ed9f4
  • Opcode Fuzzy Hash: df24fb6842cd9bac2a80067781bdb4b4e73af75dab3f7237f2e1c15d66aa200f
  • Instruction Fuzzy Hash: 0641E9B4A0435ACFDB09CF94C868BFEBBB5FB49314F1846A8D4656B391CB765900CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 70%
			E00211830(intOrPtr __ecx, void* __edx, char _a4, intOrPtr _a8, char _a12) {
				char _v8;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed char** _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v76;
				char _v88;
				void* __ebx;
				void* _t40;
				signed int* _t42;
				signed int _t47;
				char _t55;
				char _t58;
				char _t60;
				signed int _t64;
				char _t69;
				intOrPtr* _t71;
				char _t75;
				intOrPtr* _t76;
				void* _t77;
				char _t87;
				intOrPtr _t88;
				intOrPtr _t93;
				intOrPtr _t95;
				char _t96;
				char _t98;
				void* _t100;
				signed char** _t101;
				char _t116;
				char _t117;
				char _t118;
				intOrPtr _t120;
				intOrPtr* _t121;
				char _t123;
				char _t124;
				char _t125;
				intOrPtr _t132;
				intOrPtr _t133;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t136;
				signed int _t143;

				_t115 = __edx;
				_t120 = _a8;
				_t132 = __ecx;
				_t40 = E0015EB60(__ecx, _t120);
				_t93 = _t132;
				if(_t40 == 0) {
					E0015EF70(_t93, __eflags, 0);
					_t42 = E0015EF30(_t132);
					_t87 = _a12;
					_t95 = _t132;
					__eflags =  !( *_t42) - _t87;
					if(__eflags <= 0) {
						E0015F060(_t95);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xffffffff);
						_push(0x37b4b0);
						_push( *[fs:0x0]);
						_push(_t87);
						_push(_t132);
						_push(_t120);
						_t47 =  *0x414f64; // 0x48591883
						_push(_t47 ^ _t143);
						 *[fs:0x0] =  &_v32;
						_v36 = _t143 - 0x38;
						_t88 = _t95;
						_v40 = _t88;
						_t133 = E0035A41B(_t88, __edx);
						_v44 = _t133;
						E00346D97(__edx, __eflags,  &_v88);
						 *((intOrPtr*)(_t88 + 8)) = 0;
						__eflags = _v8;
						 *((intOrPtr*)(_t88 + 0x10)) = 0;
						 *((intOrPtr*)(_t88 + 0x14)) = 0;
						_v24 = 0;
						if(__eflags == 0) {
							_t134 =  *((intOrPtr*)(_t133 + 8));
						} else {
							_t134 = 0x3e5c08;
						}
						E00346D97(_t115, __eflags,  &_v76);
						_t121 = _t134;
						_t18 = _t121 + 1; // 0x3e5c09
						_t96 = _t18;
						do {
							_t55 =  *_t121;
							_t121 = _t121 + 1;
							__eflags = _t55;
						} while (_t55 != 0);
						_t123 = _t121 - _t96 + 1;
						_push(1);
						_push(_t123);
						_t116 = E00359EF9(_t96);
						__eflags = _t116;
						if(__eflags == 0) {
							E00345F6C(__eflags);
						}
						__eflags = _t123;
						if(_t123 != 0) {
							_t96 = _t116 - _t134;
							__eflags = _t96;
							do {
								_t69 =  *_t134;
								_t134 = _t134 + 1;
								 *((char*)(_t96 + _t134 - 1)) = _t69;
								_t123 = _t123 - 1;
								__eflags = _t123;
							} while (_t123 != 0);
						}
						_t124 = 6;
						 *((intOrPtr*)(_t88 + 8)) = _t116;
						_push(1);
						_push(6);
						_t135 = 0x3e5680;
						_t117 = E00359EF9(_t96);
						__eflags = _t117;
						if(__eflags == 0) {
							E00345F6C(__eflags);
						}
						_t98 = _t117 - 0x3e5680;
						__eflags = _t98;
						do {
							_t58 =  *_t135;
							_t135 = _t135 + 1;
							 *((char*)(_t98 + _t135 - 1)) = _t58;
							_t124 = _t124 - 1;
							__eflags = _t124;
						} while (_t124 != 0);
						_t125 = 5;
						 *((intOrPtr*)(_t88 + 0x10)) = _t117;
						_push(1);
						_push(5);
						_t136 = 0x3e5688;
						_t118 = E00359EF9(_t98);
						__eflags = _t118;
						if(__eflags == 0) {
							E00345F6C(__eflags);
							E00210680(_v28);
							E00349ADA(0, 0);
						}
						_t100 = _t118 - 0x3e5688;
						asm("o16 nop [eax+eax]");
						do {
							_t60 =  *_t136;
							_t136 = _t136 + 1;
							 *((char*)(_t100 + _t136 - 1)) = _t60;
							_t125 = _t125 - 1;
							__eflags = _t125;
						} while (_t125 != 0);
						__eflags = _a4;
						 *((intOrPtr*)(_t88 + 0x14)) = _t118;
						if(_a4 == 0) {
							_t101 = _v32;
							 *((char*)(_t88 + 0xc)) =  *( *_t101) & 0x000000ff;
							_t64 =  *(_t101[1]) & 0x000000ff;
							 *(_t88 + 0xd) = _t64;
							 *[fs:0x0] = _v20;
							return _t64;
						} else {
							 *((short*)(_t88 + 0xc)) = 0x2c2e;
							 *[fs:0x0] = _v20;
							return _t60;
						}
					} else {
						_t71 = E0015EF30(_t95);
						_t73 =  *_t71 + _t87;
						_a12 =  *_t71 + _t87;
						__eflags = _t87;
						if(__eflags != 0) {
							_t75 = E0015F4B0(_t132, __eflags, _t73, 0);
							__eflags = _t75;
							if(_t75 != 0) {
								_t76 = E0015EF30(_t132);
								_t77 = E0015F5B0(_t132);
								__eflags = E0015F5B0(_t132) + _t87;
								E0015EFA0(_t132, E0015F5B0(_t132) + _t87, _t77,  *_t76);
								E0015F7B0(_t132, E0015F5B0(_t132), _t120, _t87);
								E0015F910(_t132, _a12);
							}
						}
						return _t132;
					}
				} else {
					_push(_a12);
					return E00211A90(_t132, _t120 - E0015F5B0(_t93), _t93, _t132, _t120 - E0015F5B0(_t93));
				}
			}

















































APIs
    • Part of subcall function 0015EB60: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015EB71
    • Part of subcall function 0015EB60: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015EB7E
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211849
    • Part of subcall function 00211A90: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211AFC
    • Part of subcall function 00211A90: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211B04
    • Part of subcall function 00211A90: char_traits.LIBCPMTD ref: 00211B0C
    • Part of subcall function 00211A90: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211B1E
    • Part of subcall function 00211A90: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211B33
    • Part of subcall function 00211A90: char_traits.LIBCPMTD ref: 00211B39
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 002118A5
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 002118AD
  • char_traits.LIBCPMTD ref: 002118B5
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 002118C1
  • char_traits.LIBCPMTD ref: 002118C7
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
  • String ID: false$true
  • API String ID: 1941806930-2658103896
  • Opcode ID: 3e9845af570edc8c545aa0b0a1228fedd4477f7a0797f26c042dff16bdce8edb
  • Instruction ID: 4ea15cf4c4d1c8f10951d9fee8b108c6638664d0fe2a078a1f3a673eba47b193
  • Opcode Fuzzy Hash: 3e9845af570edc8c545aa0b0a1228fedd4477f7a0797f26c042dff16bdce8edb
  • Instruction Fuzzy Hash: 84615932A002459FCF15AF658841BAEBBE5DFA1314F04407EFD554F382DB72992ACBA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 43%
			E00159BF0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4, signed char _a8) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v152;
				char _v284;
				intOrPtr _v288;
				intOrPtr* _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				intOrPtr _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				intOrPtr _v328;
				intOrPtr _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				signed int _t69;
				signed int _t70;
				intOrPtr _t72;
				void* _t86;
				intOrPtr _t94;
				void* _t97;
				void* _t152;
				void* _t153;
				signed int _t154;
				void* _t155;
				void* _t156;
				intOrPtr _t157;
				intOrPtr _t158;
				intOrPtr _t159;
				intOrPtr _t160;
				void* _t166;

				_t166 = __fp0;
				_t153 = __esi;
				_t152 = __edi;
				_t97 = __ebx;
				_push(0xffffffff);
				_push(0x371193);
				_push( *[fs:0x0]);
				_t156 = _t155 - 0x148;
				_t69 =  *0x414f64; // 0x48591883
				_t70 = _t69 ^ _t154;
				_v20 = _t70;
				_push(_t70);
				 *[fs:0x0] =  &_v16;
				_v288 = __ecx;
				_t72 = _v288;
				if( *((intOrPtr*)(_t72 + 0xab8)) == 0) {
					__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v288, L"device_profile_combo");
					 *((intOrPtr*)(_v288 + 0xab8)) = _t72;
				}
				if( *((intOrPtr*)(_v288 + 0xab8)) != 0) {
					__imp__?SelectItem1@CComboUI@DuiLib@@QAE_NH_N0@Z(_a4, 1, _a8 & 0x000000ff);
					_v292 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v288 + 0xab8)) + 0x6f0))))))();
					_t157 = _t156 - 0x84;
					_v308 = _t157;
					_v312 =  *((intOrPtr*)( *((intOrPtr*)( *_v292 + 0x28))))();
					L00159FB0(_t157);
					__imp__??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z();
					_v8 = 0;
					_t158 = _t157 - 0x18;
					_v316 = _t158;
					_v320 = E0019E920(_t97, _v288 + 0xa98, _t152, _t153, __eflags, _t158,  &_v152);
					E00207520(_v288 + 0xa80,  &_v152);
					_t159 = _t158 - 0x18;
					_v324 = _t159;
					_v296 = E00206FB0(_t159,  &_v152, _a4);
					_v328 = _v296;
					_v8 = 1;
					_t86 = E00208830(_v288 + 0xa80, "profileselect");
					_v8 = 0;
					E00207520(_t86, L"ProfileList.ini");
					_t160 = _t159 - 0x18;
					_v332 = _t160;
					E00208830(_v288 + 0xa80, "profilelist");
					_v336 = L00207760(_t97, E00208830(E00208290(_t97, _t152, _t153, _a4), "profileUUID"), _t152, _t153, _t166, _t160);
					_v300 = E00198100(__eflags,  &_v284, _a4);
					_v304 = _v300;
					_v8 = 2;
					_t94 = _v304;
					__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z(_t94);
					_v8 = 0;
					__imp__??1CDuiString@DuiLib@@QAE@XZ();
					_v340 = _t160 + 0x1c - 0x84;
					__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z( &_v152, _v288 + 0xa80);
					_v344 = _t94;
					__eflags = _v288 + 0xa98;
					L0019E820(_t97, _v288 + 0xa98, _t152, _t153, _v288 + 0xa98);
					_v8 = 0xffffffff;
					__imp__??1CDuiString@DuiLib@@QAE@XZ();
				}
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t154);
			}

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_profile_combo), ref: 00159C45
  • ?SelectItem1@CComboUI@DuiLib@@QAE_NH_N0@Z.DUILIB(?,00000001,?), ref: 00159C82
  • ??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z.DUILIB(?,ProfileList.ini), ref: 00159D05
    • Part of subcall function 0019E920: ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(00158AFA), ref: 0019E9A1
    • Part of subcall function 0019E920: ?GetData@CDuiString@DuiLib@@QBEPB_WXZ.DUILIB(?), ref: 0019E9D8
    • Part of subcall function 00198100: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0019814E
    • Part of subcall function 00198100: _DebugHeapAllocator.LIBCPMTD ref: 00198186
    • Part of subcall function 00198100: ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(?,?,48591883), ref: 001981A0
    • Part of subcall function 00198100: ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(00000000,?,48591883), ref: 001981BC
    • Part of subcall function 00198100: ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?,?,48591883), ref: 001981CC
    • Part of subcall function 00198100: ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(?,48591883), ref: 001981EB
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?), ref: 00159E16
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00159E26
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?), ref: 00159E4E
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00159E78
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$V01@@$V01@$Control$AllocatorComboContainer_base12Container_base12::~_Data@DebugFindHeapI@2@Item1@ManagerName@PaintSelectV32@std::_
  • String ID: ProfileList.ini$device_profile_combo$profileUUID$profilelist$profileselect
  • API String ID: 742391678-2237385920
  • Opcode ID: c57a3b982d94300e7e8aca22cdfb253f039f5ebcdade99055f8f442872f5e069
  • Instruction ID: cfac28a0f45ef18f696091b8b97207b6bd63adb6c1cb0374f5f180885bcbd355
  • Opcode Fuzzy Hash: c57a3b982d94300e7e8aca22cdfb253f039f5ebcdade99055f8f442872f5e069
  • Instruction Fuzzy Hash: 5E711D70A00218DFDB68DF68CC55BEDB7B5AB49304F0481E9E90A97382DB346E95CF91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?MakeLower@CDuiString@DuiLib@@QAEXXZ.DUILIB ref: 0015581E
  • ?Close@CWindowWnd@DuiLib@@QAEXI@Z.DUILIB(00000000), ref: 00155843
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00155856
  • ?SendMessageW@CWindowWnd@DuiLib@@QAEJIIJ@Z.DUILIB(00000112,0000F020,00000000), ref: 0015588F
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 001558A2
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$WindowWnd@$Close@Lower@MakeMessageSend
  • String ID: homepage_btn
  • API String ID: 1086877346-1486623813
  • Opcode ID: d558d90b25da58701e6aa9884519a16eccc7106363a5f11bea6dfdff5f6768f1
  • Instruction ID: 89f1446f9374e2c9595c310ffb0d1e468ff8fd6bc0f7b36c0e4abd819dc62a9b
  • Opcode Fuzzy Hash: d558d90b25da58701e6aa9884519a16eccc7106363a5f11bea6dfdff5f6768f1
  • Instruction Fuzzy Hash: 08510A30504209DBDB68DF24CC99BE8B776BB09321F1482A9E95E5B791CB306E86CF44
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00369A42(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x4150d0) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E00360415(_t46);
							E00368D4D( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E00360415(_t47);
							E00369207( *((intOrPtr*)(_t74 + 0x88)));
						}
						E00360415( *((intOrPtr*)(_t74 + 0x7c)));
						E00360415( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E00360415( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E00360415( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E00360415( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E00360415( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E00369BB5( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x415208) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E00360415(_t31);
							E00360415( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E00360415(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E00360415(_t74);
			}

APIs
  • ___free_lconv_mon.LIBCMT ref: 00369A86
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368D6A
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368D7C
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368D8E
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368DA0
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368DB2
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368DC4
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368DD6
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368DE8
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368DFA
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368E0C
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368E1E
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368E30
    • Part of subcall function 00368D4D: _free.LIBCMT ref: 00368E42
  • _free.LIBCMT ref: 00369A7B
    • Part of subcall function 00360415: HeapFree.KERNEL32(00000000,00000000,?,003694BA,?,00000000,?,00000000,?,0036975E,?,00000007,?,?,00369BDA,?), ref: 0036042B
    • Part of subcall function 00360415: GetLastError.KERNEL32(?,?,003694BA,?,00000000,?,00000000,?,0036975E,?,00000007,?,?,00369BDA,?,?), ref: 0036043D
  • _free.LIBCMT ref: 00369A9D
  • _free.LIBCMT ref: 00369AB2
  • _free.LIBCMT ref: 00369ABD
  • _free.LIBCMT ref: 00369ADF
  • _free.LIBCMT ref: 00369AF2
  • _free.LIBCMT ref: 00369B00
  • _free.LIBCMT ref: 00369B0B
  • _free.LIBCMT ref: 00369B43
  • _free.LIBCMT ref: 00369B4A
  • _free.LIBCMT ref: 00369B67
  • _free.LIBCMT ref: 00369B7F
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
  • String ID:
  • API String ID: 161543041-0
  • Opcode ID: d4a30ea92de36736cfe7c8d9f5177ce16d7f12ba607911e6d541ffcf2f660658
  • Instruction ID: e2954dd2a3b3ef15b0d991aa47a3e10877fa7c38f0a6b1e2b0e9eff35c593b7f
  • Opcode Fuzzy Hash: d4a30ea92de36736cfe7c8d9f5177ce16d7f12ba607911e6d541ffcf2f660658
  • Instruction Fuzzy Hash: E8315B31600608DFDB37AE7AE846BA677E8AF40310F15C46AE159DB199DF71AC80CB24
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(48591883), ref: 00162F37
  • ?Format@CDuiString@DuiLib@@QAAHPB_WZZ.DUILIB(?,%s%d,key_ComBox_check_,00000005), ref: 00162F84
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00162F93
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,00000000), ref: 00162FAA
  • ?Format@CDuiString@DuiLib@@QAAHPB_WZZ.DUILIB(?,%s%d,key_ComBox_check_,?), ref: 0016300B
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 0016301A
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,00000000), ref: 00163031
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00163085
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$Control$FindFormat@I@2@ManagerName@PaintV32@
  • String ID: %s%d$%s%d$key_ComBox_check_
  • API String ID: 2125414307-2020368576
  • Opcode ID: 9f1c2244999ab34aebe95ea76ba6a35af3230a2bfee7f2dab79377415f134ec5
  • Instruction ID: 0233697560f71d7c1a2594346a147aff80c5478dc3bbb67a09b5e5d142230826
  • Opcode Fuzzy Hash: 9f1c2244999ab34aebe95ea76ba6a35af3230a2bfee7f2dab79377415f134ec5
  • Instruction Fuzzy Hash: B4410134A00218DFD754DB24CC99FA9B3B5FB48314F1482E9E51EAB392CB316A85CF40
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,synchro_device_select), ref: 00157082
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_select), ref: 001570DE
  • ?IsSelected@COptionUI@DuiLib@@QBE_NXZ.DUILIB ref: 00157107
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 0015711D
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00157149
  • ?SetSelectedImage@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(00000000), ref: 00157159
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 0015716A
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00157196
  • ?SetSelectedImage@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(00000000), ref: 001571A6
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$ControlString@$Option$FindI@2@Image@ManagerName@PaintSelectedV32@$Selected@
  • String ID: device_select$synchro_device_select
  • API String ID: 421548360-1385648710
  • Opcode ID: 95ae73b0c1e88ad8ac75cabcc069bb03216fe326d0e84c6cdcc655ca72aedf90
  • Instruction ID: cc8846820fc34460193da76da6f2f1482463b51b671cd2d0893c5361d526c3ec
  • Opcode Fuzzy Hash: 95ae73b0c1e88ad8ac75cabcc069bb03216fe326d0e84c6cdcc655ca72aedf90
  • Instruction Fuzzy Hash: 8241AF74604104DFC708DB94D995FADB7F6FF88301F2882A9D95A9B395CB31AE41DB80
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 20%
			E00156670(intOrPtr __ecx) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				void* _v352;
				intOrPtr _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				signed int _t42;
				signed int _t43;
				intOrPtr _t45;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t57;
				signed int _t84;
				void* _t85;

				_t42 =  *0x414f64; // 0x48591883
				_t43 = _t42 ^ _t84;
				_v20 = _t43;
				 *[fs:0x0] =  &_v16;
				_v356 = __ecx;
				__imp__??0CDialogBuilder@DuiLib@@QAE@XZ(_t43,  *[fs:0x0], 0x370ebc, 0xffffffff);
				_v8 = 0;
				_t45 = _v356;
				_t57 =  *((intOrPtr*)(_t45 + 0x44));
				_v364 = _t85 - 0x15c;
				__imp__??0STRINGorID@DuiLib@@QAE@PB_W@Z(L"XML\\CustomControlXML\\ComboEditElementItem.xml", _t57, 0, 0, _t57, 0);
				__imp__?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z();
				_v360 = _t45;
				if(_v360 == 0) {
					_t48 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v356 + 0x6f0)) + 0x20))))();
				} else {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v356 + 0x6f0)) + 0x20))))();
					_t48 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v356 + 0x6f0)) + 0x10))))(_v360);
				}
				__imp__?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z(L"text1");
				 *((intOrPtr*)(_v356 + 0x888)) = _t48;
				_t49 = _v356;
				__imp__?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z(L"text2");
				 *((intOrPtr*)(_v356 + 0x88c)) = _t49;
				__imp__?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z();
				 *((intOrPtr*)(_v356 + 0x890)) = _t49;
				_v8 = 0xffffffff;
				__imp__??1CDialogBuilder@DuiLib@@QAE@XZ();
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t84, L"delay_edit");
			}

APIs
  • ??0CDialogBuilder@DuiLib@@QAE@XZ.DUILIB(48591883), ref: 001566A7
  • ??0STRINGorID@DuiLib@@QAE@PB_W@Z.DUILIB(XML\CustomControlXML\ComboEditElementItem.xml,?,00000000,00000000,?,00000000), ref: 001566D2
  • ?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z.DUILIB ref: 001566DE
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(text1), ref: 00156761
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(text2), ref: 00156781
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(delay_edit), ref: 001567A1
  • ??1CDialogBuilder@DuiLib@@QAE@XZ.DUILIB ref: 001567C0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$I@2@$ControlDialogManagerPaint$Builder@Control@Find$BuilderCallback@2@Create@D@2@V32@@
  • String ID: XML\CustomControlXML\ComboEditElementItem.xml$delay_edit$text1$text2
  • API String ID: 82958161-3212165303
  • Opcode ID: 7d51ec321c17eb71b56cde291ed2f0967dd52ed55a486ec59b3a7b1e9202913b
  • Instruction ID: 4baa668c12c28908f7e6528beb956d9f1988e41435b63e55fea28817b30f161a
  • Opcode Fuzzy Hash: 7d51ec321c17eb71b56cde291ed2f0967dd52ed55a486ec59b3a7b1e9202913b
  • Instruction Fuzzy Hash: C841B374A00219DFDB16DF14DC95BEAB7B5FB89300F1442E9D81A9B391DA326E40CF80
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 32%
			E0015A260(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0, void* _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v152;
				char _v284;
				char _v416;
				intOrPtr _v420;
				signed int _v424;
				intOrPtr _v428;
				intOrPtr _v432;
				intOrPtr _v436;
				intOrPtr _v440;
				intOrPtr _v444;
				intOrPtr _v448;
				intOrPtr _v452;
				signed int _t41;
				char* _t50;
				char* _t51;
				signed int _t84;
				void* _t85;
				void* _t89;

				_t89 = __eflags;
				_t41 =  *0x414f64; // 0x48591883
				_v20 = _t41 ^ _t84;
				 *[fs:0x0] =  &_v16;
				_v420 = __ecx;
				_v424 = 0;
				_v444 = _t85 - 0x19c;
				E00208830(_v420 + 0xaa0, "profilelist");
				_v448 = L00207760(__ebx, E00208830(E00208290(__ebx, __edi, __esi, _a8), "profileUUID"), __edi, __esi, __fp0, _t85 - 0x19c);
				_v452 = E00198100(_t89,  &_v152, _t41 ^ _t84);
				_v8 = 0;
				_t50 =  &_v152;
				__imp__??HCDuiString@DuiLib@@QBE?AV01@ABV01@@Z( &_v416, _t50,  *[fs:0x0], 0x371254, 0xffffffff);
				_v428 = _t50;
				_v432 = _v428;
				_v8 = 1;
				_t51 =  &_v284;
				__imp__??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z(_t51, L".Json");
				_v436 = _t51;
				_v440 = _v436;
				_v8 = 2;
				__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z(_v440);
				_v8 = 1;
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				_v8 = 0;
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
				_v424 = _v424 | 0x00000001;
				_v8 = 0xffffffff;
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t84,  &_v152);
			}

APIs
    • Part of subcall function 00198100: std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0019814E
    • Part of subcall function 00198100: _DebugHeapAllocator.LIBCPMTD ref: 00198186
    • Part of subcall function 00198100: ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(?,?,48591883), ref: 001981A0
    • Part of subcall function 00198100: ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(00000000,?,48591883), ref: 001981BC
    • Part of subcall function 00198100: ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?,?,48591883), ref: 001981CC
    • Part of subcall function 00198100: ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(?,48591883), ref: 001981EB
  • ??HCDuiString@DuiLib@@QBE?AV01@ABV01@@Z.DUILIB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,48591883), ref: 0015A317
  • ??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z.DUILIB(?,.Json,?,?,?,?,?,?,?,?,?,?,?,?,48591883), ref: 0015A345
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(?,?,?,?,?,?,?,?,?,?,?,?,?,48591883), ref: 0015A36E
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(?,?,?,?,?,?,?,?,?,?,?,?,48591883), ref: 0015A37E
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(?,?,?,?,?,?,?,?,?,?,?,?,48591883), ref: 0015A38E
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?,?,?,?,?,?,?,?,?,?,?,?,?,48591883), ref: 0015A39E
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(?,?,?,?,?,?,?,?,?,?,?,?,48591883), ref: 0015A3C0
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$V01@V01@@$AllocatorContainer_base12Container_base12::~_DebugHeapstd::_
  • String ID: .Json$profileUUID$profilelist
  • API String ID: 3314195026-2869734098
  • Opcode ID: e1b6c1dfb56b506b6d212717ce4a30d74448e17756b1e5778e0e0ff29995801d
  • Instruction ID: 26a2d1eceb2090a2a5ffaf581ffe894828b668bc21d9ca3bb667285c0ab54692
  • Opcode Fuzzy Hash: e1b6c1dfb56b506b6d212717ce4a30d74448e17756b1e5778e0e0ff29995801d
  • Instruction Fuzzy Hash: 59411870A052589FDB15DF64CD55BEEB7B5BB49300F0081E9E54AA7281DB301A44CF91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,synchro_device_select), ref: 001571E2
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_select), ref: 00157240
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00157271
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 0015729D
  • ?SetSelectedImage@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(00000000), ref: 001572AD
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 001572BE
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 001572EA
  • ?SetSelectedImage@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(00000000), ref: 001572FA
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$ControlString@$FindI@2@Image@ManagerName@OptionPaintSelectedV32@
  • String ID: device_select$synchro_device_select
  • API String ID: 2053697249-1385648710
  • Opcode ID: fb4c466a8049d51f44e21278a95afe809102b0937cbfb6af6c663d9a541ba179
  • Instruction ID: 3bf2bb6b34dfca4947a26b525b45ffd13dc75816d09f0f62578c6c86edc92a1a
  • Opcode Fuzzy Hash: fb4c466a8049d51f44e21278a95afe809102b0937cbfb6af6c663d9a541ba179
  • Instruction Fuzzy Hash: 0341ED34604104EFC705CB94D994FADB7F6BF48301F2882A9E95A9B395CB31AE41DF90
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(closebtn), ref: 00155C42
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(maxbtn), ref: 00155C5C
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(restorebtn), ref: 00155C76
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(minbtn), ref: 00155C90
  • ?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z.DUILIB(menubtn), ref: 00155CAA
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlControl@FindI@2@Lib@@ManagerPaint
  • String ID: closebtn$maxbtn$menubtn$minbtn$restorebtn
  • API String ID: 1871823513-1252711144
  • Opcode ID: fdf6717711e060ce6944a56895e00554702eb0c467104378a1b8682eaee86cdd
  • Instruction ID: 265e2811767f27b00dbb39fed288255cb81a0a351cb1beffc3ed0d906adceeac
  • Opcode Fuzzy Hash: fdf6717711e060ce6944a56895e00554702eb0c467104378a1b8682eaee86cdd
  • Instruction Fuzzy Hash: CC01D7B4A01209EFCB09CF94C999ABCB7B5EB44308F2481EED846AB381DB315F01DB55
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 24%
			E00211CC0(void* __ebx, char __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				char _v24;
				char _v60;
				intOrPtr _v64;
				void* _v84;
				signed int _t21;
				signed char _t26;
				char* _t27;
				void* _t37;
				void* _t40;
				void* _t42;
				intOrPtr _t43;
				short _t44;
				char _t45;
				signed int _t47;
				char* _t52;
				void* _t57;
				short* _t59;
				void* _t64;
				char* _t70;
				signed int _t71;
				signed int _t73;
				void* _t74;
				signed int _t75;
				void* _t77;

				_t73 = (_t71 & 0xffffffc0) - 0x74;
				_t21 =  *0x414f64; // 0x48591883
				_v8 = _t21 ^ _t73;
				asm("movsd [esp+0x3c], xmm1");
				_v64 = 0;
				_t47 = __edx;
				_v84 = __ecx;
				E0020B5A0(__eflags,  &_v24, 0xf, "%%.%dg", _a4);
				asm("movsd xmm0, [esp+0x48]");
				asm("movsd [esp+0x44], xmm0");
				_t26 = E0035A99A( &_v84);
				_t74 = _t73 + 0x14;
				_t79 = _t26;
				if(_t26 > 0) {
					asm("movsd xmm1, [esp+0x38]");
					asm("ucomisd xmm1, xmm1");
					asm("lahf");
					__eflags = _t26 & 0x00000044;
					if(__eflags != 0) {
						asm("xorps xmm0, xmm0");
						asm("comisd xmm0, xmm1");
						if(__eflags <= 0) {
							_t27 = "Infinity";
							_t52 = "1e+9999";
						} else {
							_t27 = "-Infinity";
							_t52 = "-1e+9999";
						}
					} else {
						_t27 = "NaN";
						_t52 = "null";
					}
					__eflags = _t47;
					_t28 =  ==  ? _t52 : _t27;
					_push( ==  ? _t52 : _t27);
					_push(0x24);
					_push( &_v60);
					E0020B5A0(_t47);
					_t75 = _t74 + 0xc;
					L16:
					E00169EF0( &_v60);
					return E00344CC8(_v12 ^ _t75);
				}
				asm("movsd xmm0, [esp+0x38]");
				_t70 =  &_v60;
				asm("movsd [esp], xmm0");
				_push( &_v24);
				_push(0x24);
				_push(_t70);
				_t37 = E0020B5A0(_t79);
				_v84 = _t70;
				_t77 = _t74 - 8 + 0x14;
				_t57 = 0;
				_t64 =  >  ? 0 : _t37 + _t70 - _t70;
				if(_t64 == 0) {
					L5:
					_t40 = E00349180( &_v60, 0x2e);
					_t75 = _t77 + 8;
					if(_t40 != 0) {
						goto L16;
					}
					_t42 = E00349180( &_v60, 0x65);
					_t75 = _t75 + 8;
					if(_t42 != 0) {
						goto L16;
					}
					_t59 =  &_v60 - 1;
					do {
						_t43 =  *((intOrPtr*)(_t59 + 1));
						_t59 = _t59 + 1;
					} while (_t43 != 0);
					_t44 =  *((intOrPtr*)(".0")); // 0x302e
					 *_t59 = _t44;
					_t45 =  *0x3e5f5a; // 0x0
					 *((char*)(_t59 + 2)) = _t45;
					goto L16;
				} else {
					goto L2;
				}
				do {
					L2:
					if( *_t70 == 0x2c) {
						 *_t70 = 0x2e;
					}
					_t57 = _t57 + 1;
					_t70 = _t70 + 1;
				} while (_t57 < _t64);
				goto L5;
			}

APIs
  • ___from_strstr_to_strchr.LIBCMT ref: 00211D79
  • ___from_strstr_to_strchr.LIBCMT ref: 00211D90
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ___from_strstr_to_strchr
  • String ID: %%.%dg$-1e+9999$-Infinity$1e+9999$Infinity$NaN$null
  • API String ID: 601868998-1955747591
  • Opcode ID: 3dd48dfd393655bdd9dcdf02e10157100553a8687f8db7a3be04a316e8c632b6
  • Instruction ID: 51ff2c4665d0295cd5e6018c3341b3e5a3b6980ec862c939eb09ad0ccf98bbef
  • Opcode Fuzzy Hash: 3dd48dfd393655bdd9dcdf02e10157100553a8687f8db7a3be04a316e8c632b6
  • Instruction Fuzzy Hash: BF419B35B147448BCB21DE3898416EB7BE99FD6344F04462DFA85CB281EB31C8668792
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 91%
			E00214C5F(void* __eflags, struct HMENU__* _a4, struct HMENU__* _a8, signed int _a12) {
				struct HMENU__* _v4;
				signed int _v8;
				int _v12;
				intOrPtr _v16;
				void* _v20;
				intOrPtr _t25;
				int _t30;
				struct HMENU__* _t33;
				struct HMENU__* _t36;
				int _t39;
				int _t41;
				int _t44;
				void* _t51;

				_t51 = __eflags;
				_push(4);
				E00345555(0x385332);
				_t25 = E00214952(_t51, 0xc);
				_v16 = _t25;
				_t36 = 0;
				_v4 = 0;
				if(_t25 != 0) {
					_t36 = E002149AC(_t25);
				}
				_v8 = _v8 | 0xffffffff;
				 *((intOrPtr*)(_t36 + 8)) = _a4;
				_v20 = _t36;
				E00349ADA( &_v20, 0x3fb948);
				asm("int3");
				_push(_t36);
				_push(_t36);
				_v20 = GetMenuItemCount(_v4);
				_t30 = GetMenuItemCount(_v8);
				_t44 = _t30 - 1;
				if(_t44 >= 0) {
					do {
						_t30 = GetSubMenu(_a4, _t44);
						_t33 = _t30;
						if(_t33 != 0) {
							if(_a12 == 0) {
								_t39 = 0;
								__eflags = _v8;
								if(_v8 > 0) {
									while(1) {
										_t30 = GetSubMenu(_a8, _t39);
										__eflags = _t30 - _t33;
										if(_t30 == _t33) {
											break;
										}
										_t39 = _t39 + 1;
										__eflags = _t39 - _v8;
										if(_t39 < _v8) {
											continue;
										} else {
										}
										goto L16;
									}
									_t30 = RemoveMenu(_a4, _t44, 0x400);
								}
							} else {
								_t30 = GetMenuItemCount(_t33);
								_t41 = 0;
								_v12 = _t30;
								if(_t30 > 0) {
									while(1) {
										_t30 = GetSubMenu(_t33, _t41);
										if(_t30 == _a12) {
											break;
										}
										_t41 = _t41 + 1;
										if(_t41 < _v12) {
											continue;
										} else {
										}
										goto L16;
									}
									_t30 = RemoveMenu(_t33, _t41, 0x400);
									_a12 = _a12 & 0x00000000;
								}
							}
						}
						L16:
						_t44 = _t44 - 1;
					} while (_t44 >= 0);
				}
				return _t30;
			}

APIs
  • __EH_prolog3.LIBCMT ref: 00214C66
  • __CxxThrowException@8.LIBVCRUNTIME ref: 00214C9E
  • GetMenuItemCount.USER32 ref: 00214CAD
  • GetMenuItemCount.USER32 ref: 00214CB9
  • GetSubMenu.USER32 ref: 00214CD0
  • GetMenuItemCount.USER32 ref: 00214CE3
  • GetSubMenu.USER32 ref: 00214CF4
  • RemoveMenu.USER32(00000000,00000000,00000400,?,?,?,?,?,?,8007000E,003FB948,00000004,0016AB8C), ref: 00214D0E
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Menu$CountItem$Exception@8H_prolog3RemoveThrow
  • String ID:
  • API String ID: 642076194-0
  • Opcode ID: 44f14b6249df2af8c08bc0f33f5b198793fdf56b29e6849118f1e3d5104f1e66
  • Instruction ID: 472191951bbb4bd05c808e34c76f6b0b43dba483a0721f667cb0949ccdcccbe9
  • Opcode Fuzzy Hash: 44f14b6249df2af8c08bc0f33f5b198793fdf56b29e6849118f1e3d5104f1e66
  • Instruction Fuzzy Hash: 5D31FF7191030AEBCF12AF64EC49AEF3BE9FB91350F14416AF50EAA150C7709A90CB50
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(itemactivate,000000FF,48591883), ref: 001530D1
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4218,000000FF), ref: 001530EA
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(setfocus,000000FF), ref: 0015314B
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4230,000000FF), ref: 00153161
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4234,000000FF), ref: 001531C0
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D4238,000000FF), ref: 001531D6
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: itemactivate$setfocus
  • API String ID: 2284767783-3538113614
  • Opcode ID: c0cb60a51449137d791c8b826a2902a24424e9d2a5bfdc25435d6b2e49232955
  • Instruction ID: 0233f5daf3594eea7b8ca4bde1a0d68dd5cbe7901444cbb99091f240acf982ab
  • Opcode Fuzzy Hash: c0cb60a51449137d791c8b826a2902a24424e9d2a5bfdc25435d6b2e49232955
  • Instruction Fuzzy Hash: C441F9B4A0A3059BDB15CF98E959B9DBBB1FB48324F60836EE420673E0CB7419058F58
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(48591883), ref: 001630E7
  • ?Format@CDuiString@DuiLib@@QAAHPB_WZZ.DUILIB(?,%s%d,key_ComBox_check_,00000005), ref: 0016313E
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 0016314D
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,00000000), ref: 00163164
  • ?IsSelected@COptionUI@DuiLib@@QBE_NXZ.DUILIB ref: 00163191
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 001631CA
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$Control$FindFormat@I@2@ManagerName@OptionPaintSelected@V32@
  • String ID: %s%d$key_ComBox_check_
  • API String ID: 964148373-935094173
  • Opcode ID: 70cbbeb55600073defe99c8a4b90dccc5d06e75e112af40820fa00c575182691
  • Instruction ID: f8b3bb08a763bb68c2207101e2c85d88757059241f8671a3ff4fde94bbf74ec1
  • Opcode Fuzzy Hash: 70cbbeb55600073defe99c8a4b90dccc5d06e75e112af40820fa00c575182691
  • Instruction Fuzzy Hash: D0311770A00218DFDB24DF24CD49BA9B7B5FB4A310F0482EAD41EA7391DB305A85CF00
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 77%
			E00363E5E(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				char _v6;
				void* _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* _v32;
				long _v36;
				void* _v40;
				long _v44;
				signed int* _t143;
				signed int _t145;
				intOrPtr _t149;
				signed int _t153;
				signed int _t155;
				signed char _t157;
				unsigned int _t158;
				intOrPtr _t162;
				void* _t163;
				signed int _t164;
				signed int _t167;
				long _t168;
				intOrPtr _t175;
				signed int _t176;
				intOrPtr _t178;
				signed int _t180;
				signed int _t184;
				char _t191;
				char* _t192;
				char _t199;
				char* _t200;
				signed char _t211;
				signed int _t213;
				long _t215;
				signed int _t216;
				char _t218;
				signed char _t222;
				signed int _t223;
				unsigned int _t224;
				intOrPtr _t225;
				unsigned int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed char _t236;
				signed int _t237;
				signed int _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t246;
				void* _t248;
				void* _t249;

				_t213 = _a4;
				if(_t213 != 0xfffffffe) {
					__eflags = _t213;
					if(_t213 < 0) {
						L58:
						_t143 = E0035012A();
						 *_t143 =  *_t143 & 0x00000000;
						__eflags =  *_t143;
						 *((intOrPtr*)(E0035013D())) = 9;
						L59:
						_t145 = E0034D667();
						goto L60;
					}
					__eflags = _t213 -  *0x422420;
					if(_t213 >=  *0x422420) {
						goto L58;
					}
					_v24 = 1;
					_t239 = _t213 >> 6;
					_t235 = (_t213 & 0x0000003f) * 0x30;
					_v20 = _t239;
					_t149 =  *((intOrPtr*)(0x422220 + _t239 * 4));
					_v28 = _t235;
					_t222 =  *((intOrPtr*)(_t235 + _t149 + 0x28));
					_v5 = _t222;
					__eflags = _t222 & 0x00000001;
					if((_t222 & 0x00000001) == 0) {
						goto L58;
					}
					_t223 = _a12;
					__eflags = _t223 - 0x7fffffff;
					if(_t223 <= 0x7fffffff) {
						__eflags = _t223;
						if(_t223 == 0) {
							L57:
							return 0;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L57;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t153 =  *((intOrPtr*)(_t235 + _t149 + 0x29));
						_v5 = _t153;
						_v32 =  *((intOrPtr*)(_t235 + _t149 + 0x18));
						_t246 = 0;
						_t155 = _t153 - 1;
						__eflags = _t155;
						if(_t155 == 0) {
							_t236 = _v24;
							_t157 =  !_t223;
							__eflags = _t236 & _t157;
							if((_t236 & _t157) != 0) {
								_t158 = 4;
								_t224 = _t223 >> 1;
								_v16 = _t158;
								__eflags = _t224 - _t158;
								if(_t224 >= _t158) {
									_t158 = _t224;
									_v16 = _t224;
								}
								_t246 = E003600B9(_t224, _t158);
								E00360415(0);
								E00360415(0);
								_t249 = _t248 + 0xc;
								_v12 = _t246;
								__eflags = _t246;
								if(_t246 != 0) {
									_t162 = E003630C5(_t213, 0, 0, _v24);
									_t225 =  *((intOrPtr*)(0x422220 + _t239 * 4));
									_t248 = _t249 + 0x10;
									_t240 = _v28;
									 *((intOrPtr*)(_t240 + _t225 + 0x20)) = _t162;
									_t163 = _t246;
									 *(_t240 + _t225 + 0x24) = _t236;
									_t235 = _t240;
									_t223 = _v16;
									L21:
									_t241 = 0;
									_v40 = _t163;
									_t215 =  *((intOrPtr*)(0x422220 + _v20 * 4));
									_v36 = _t215;
									__eflags =  *(_t235 + _t215 + 0x28) & 0x00000048;
									_t216 = _a4;
									if(( *(_t235 + _t215 + 0x28) & 0x00000048) != 0) {
										_t218 =  *((intOrPtr*)(_t235 + _v36 + 0x2a));
										_v6 = _t218;
										__eflags = _t218 - 0xa;
										_t216 = _a4;
										if(_t218 != 0xa) {
											__eflags = _t223;
											if(_t223 != 0) {
												_t241 = _v24;
												 *_t163 = _v6;
												_t216 = _a4;
												_t232 = _t223 - 1;
												__eflags = _v5;
												_v12 = _t163 + 1;
												_v16 = _t232;
												 *((char*)(_t235 +  *((intOrPtr*)(0x422220 + _v20 * 4)) + 0x2a)) = 0xa;
												if(_v5 != 0) {
													_t191 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x422220 + _v20 * 4)) + 0x2b));
													_v6 = _t191;
													__eflags = _t191 - 0xa;
													if(_t191 != 0xa) {
														__eflags = _t232;
														if(_t232 != 0) {
															_t192 = _v12;
															_t241 = 2;
															 *_t192 = _v6;
															_t216 = _a4;
															_t233 = _t232 - 1;
															_v12 = _t192 + 1;
															_v16 = _t233;
															 *((char*)(_t235 +  *((intOrPtr*)(0x422220 + _v20 * 4)) + 0x2b)) = 0xa;
															__eflags = _v5 - _v24;
															if(_v5 == _v24) {
																_t199 =  *((intOrPtr*)(_t235 +  *((intOrPtr*)(0x422220 + _v20 * 4)) + 0x2c));
																_v6 = _t199;
																__eflags = _t199 - 0xa;
																if(_t199 != 0xa) {
																	__eflags = _t233;
																	if(_t233 != 0) {
																		_t200 = _v12;
																		_t241 = 3;
																		 *_t200 = _v6;
																		_t216 = _a4;
																		_t234 = _t233 - 1;
																		__eflags = _t234;
																		_v12 = _t200 + 1;
																		_v16 = _t234;
																		 *((char*)(_t235 +  *((intOrPtr*)(0x422220 + _v20 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t164 = E0036DBD9(_t216);
									__eflags = _t164;
									if(_t164 == 0) {
										L41:
										_v24 = 0;
										L42:
										_t167 = ReadFile(_v32, _v12, _v16,  &_v36, 0);
										__eflags = _t167;
										if(_t167 == 0) {
											L53:
											_t168 = GetLastError();
											_t241 = 5;
											__eflags = _t168 - _t241;
											if(_t168 != _t241) {
												__eflags = _t168 - 0x6d;
												if(_t168 != 0x6d) {
													L37:
													E00350107(_t168);
													goto L38;
												}
												_t242 = 0;
												goto L39;
											}
											 *((intOrPtr*)(E0035013D())) = 9;
											 *(E0035012A()) = _t241;
											goto L38;
										}
										_t229 = _a12;
										__eflags = _v36 - _t229;
										if(_v36 > _t229) {
											goto L53;
										}
										_t242 = _t241 + _v36;
										__eflags = _t242;
										L45:
										_t237 = _v28;
										_t175 =  *((intOrPtr*)(0x422220 + _v20 * 4));
										__eflags =  *(_t237 + _t175 + 0x28) & 0x00000080;
										if(( *(_t237 + _t175 + 0x28) & 0x00000080) != 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v24;
												_push(_t242 >> 1);
												_push(_v40);
												_push(_t216);
												if(_v24 == 0) {
													_t176 = E003639BA();
												} else {
													_t176 = E00363CCA();
												}
											} else {
												_t230 = _t229 >> 1;
												__eflags = _t229 >> 1;
												_t176 = E00363B7A(_t229 >> 1, _t229 >> 1, _t216, _v12, _t242, _a8, _t230);
											}
											_t242 = _t176;
										}
										goto L39;
									}
									_t231 = _v28;
									_t178 =  *((intOrPtr*)(0x422220 + _v20 * 4));
									__eflags =  *(_t231 + _t178 + 0x28) & 0x00000080;
									if(( *(_t231 + _t178 + 0x28) & 0x00000080) == 0) {
										goto L41;
									}
									_t180 = GetConsoleMode(_v32,  &_v44);
									__eflags = _t180;
									if(_t180 == 0) {
										goto L41;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L42;
									}
									_t184 = ReadConsoleW(_v32, _v12, _v16 >> 1,  &_v36, 0);
									__eflags = _t184;
									if(_t184 != 0) {
										_t229 = _a12;
										_t242 = _t241 + _v36 * 2;
										goto L45;
									}
									_t168 = GetLastError();
									goto L37;
								} else {
									 *((intOrPtr*)(E0035013D())) = 0xc;
									 *(E0035012A()) = 8;
									L38:
									_t242 = _t241 | 0xffffffff;
									__eflags = _t242;
									L39:
									E00360415(_t246);
									return _t242;
								}
							}
							L15:
							 *(E0035012A()) =  *_t206 & _t246;
							 *((intOrPtr*)(E0035013D())) = 0x16;
							E0034D667();
							goto L38;
						}
						__eflags = _t155 != 1;
						if(_t155 != 1) {
							L13:
							_t163 = _a8;
							_v16 = _t223;
							_v12 = _t163;
							goto L21;
						}
						_t211 =  !_t223;
						__eflags = _t211 & 0x00000001;
						if((_t211 & 0x00000001) == 0) {
							goto L15;
						}
						goto L13;
					}
					L6:
					 *(E0035012A()) =  *_t151 & 0x00000000;
					 *((intOrPtr*)(E0035013D())) = 0x16;
					goto L59;
				} else {
					 *(E0035012A()) =  *_t212 & 0x00000000;
					_t145 = E0035013D();
					 *_t145 = 9;
					L60:
					return _t145 | 0xffffffff;
				}
			}

Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: cd6232c888b9c4226fc30d8e02a2a6ff15686808620eaaae03d5315f4bfc469a
  • Instruction ID: 6eaf6cedb2fec7a8826e3b5ed59a27d5c2ed550d699942e335369d13f17b6017
  • Opcode Fuzzy Hash: cd6232c888b9c4226fc30d8e02a2a6ff15686808620eaaae03d5315f4bfc469a
  • Instruction Fuzzy Hash: 81C10674E04349AFDF17CFA8DC41BADBBB4AF1A310F158194E910AB396C7719A81CB61
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 41%
			E0036E24E(void* __ecx, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				char _v6;
				void* _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v36;
				signed int _v44;
				void _v48;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t164;
				intOrPtr _t180;
				signed int* _t190;
				signed int _t192;
				char _t197;
				signed int _t203;
				signed int _t206;
				signed int _t215;
				signed int _t217;
				signed int _t219;
				signed int _t225;
				signed int _t227;
				signed int _t234;
				signed int _t235;
				signed int _t237;
				signed int _t239;
				signed char _t242;
				intOrPtr _t245;
				void* _t248;
				void* _t252;
				void* _t262;
				signed int _t263;
				signed int _t266;
				signed int _t269;
				signed int _t270;
				void* _t272;
				void* _t274;
				void* _t275;
				void* _t277;
				void* _t278;
				void* _t280;
				void* _t284;

				_t262 = E0036E022(__ecx,  &_v72, _a16, _a20, _a24);
				_t192 = 6;
				memcpy( &_v48, _t262, _t192 << 2);
				_t274 = _t272 + 0x1c;
				_t248 = _t262 + _t192 + _t192;
				_t263 = _t262 | 0xffffffff;
				if(_v36 != _t263) {
					_t114 = E0035D4F3(_t248, _t263, __eflags);
					_t190 = _a8;
					 *_t190 = _t114;
					__eflags = _t114 - _t263;
					if(_t114 != _t263) {
						_v20 = _v20 & 0x00000000;
						_v24 = 0xc;
						_t275 = _t274 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v16 =  !(_a16 >> 7) & 1;
						_push( &_v24);
						_push(_a12);
						memcpy(_t275,  &_v48, 1 << 2);
						_t197 = 0;
						_t252 = E0036DF8D();
						_t277 = _t275 + 0x2c;
						_v12 = _t252;
						__eflags = _t252 - 0xffffffff;
						if(_t252 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t252);
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v48;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v48 | 0x00000040;
								}
								_v5 = _t124;
								E0035D43C(_t197,  *_t190, _t252);
								_t242 = _v5 | 0x00000001;
								_v5 = _t242;
								_v48 = _t242;
								 *( *((intOrPtr*)(0x422220 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) = _t242;
								_t203 =  *_t190;
								_t205 = (_t203 & 0x0000003f) * 0x30;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x422220 + (_t203 >> 6) * 4)) + 0x29 + (_t203 & 0x0000003f) * 0x30)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L20:
									_v6 = 0;
									_push( &_v6);
									_push(_a16);
									_t278 = _t277 - 0x18;
									_t206 = 6;
									_push( *_t190);
									memcpy(_t278,  &_v48, _t206 << 2);
									_t134 = E0036DD40(_t190,  &_v48 + _t206 + _t206,  &_v48);
									_t280 = _t278 + 0x30;
									__eflags = _t134;
									if(__eflags == 0) {
										 *((char*)( *((intOrPtr*)(0x422220 + ( *_t190 >> 6) * 4)) + 0x29 + ( *_t190 & 0x0000003f) * 0x30)) = _v6;
										 *( *((intOrPtr*)(0x422220 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x422220 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x422220 + ( *_t190 >> 6) * 4)) + 0x2d + ( *_t190 & 0x0000003f) * 0x30)) & 0x00000001;
										__eflags = _v5 & 0x00000048;
										if((_v5 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t225 =  *_t190;
												_t227 = (_t225 & 0x0000003f) * 0x30;
												_t164 =  *((intOrPtr*)(0x422220 + (_t225 >> 6) * 4));
												_t87 = _t164 + _t227 + 0x28;
												 *_t87 =  *(_t164 + _t227 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t266 = _v44;
										__eflags = (_t266 & 0xc0000000) - 0xc0000000;
										if((_t266 & 0xc0000000) != 0xc0000000) {
											L31:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L31;
											}
											CloseHandle(_v12);
											_v44 = _t266 & 0x7fffffff;
											_t215 = 6;
											_push( &_v24);
											_push(_a12);
											memcpy(_t280 - 0x18,  &_v48, _t215 << 2);
											_t245 = E0036DF8D();
											__eflags = _t245 - 0xffffffff;
											if(_t245 != 0xffffffff) {
												_t217 =  *_t190;
												_t219 = (_t217 & 0x0000003f) * 0x30;
												__eflags = _t219;
												 *((intOrPtr*)( *((intOrPtr*)(0x422220 + (_t217 >> 6) * 4)) + _t219 + 0x18)) = _t245;
												goto L31;
											}
											E00350107(GetLastError());
											 *( *((intOrPtr*)(0x422220 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x422220 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
											E0035D605( *_t190);
											L10:
											goto L2;
										}
									}
									_t269 = _t134;
									goto L22;
								} else {
									_t269 = E0036E19E(_t205,  *_t190);
									__eflags = _t269;
									if(__eflags != 0) {
										L22:
										E003635DA(__eflags,  *_t190);
										return _t269;
									}
									goto L20;
								}
							}
							_t270 = GetLastError();
							E00350107(_t270);
							 *( *((intOrPtr*)(0x422220 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) =  *( *((intOrPtr*)(0x422220 + ( *_t190 >> 6) * 4)) + 0x28 + ( *_t190 & 0x0000003f) * 0x30) & 0x000000fe;
							CloseHandle(_t252);
							__eflags = _t270;
							if(_t270 == 0) {
								 *((intOrPtr*)(E0035013D())) = 0xd;
							}
							goto L2;
						}
						_t234 = _v44;
						__eflags = (_t234 & 0xc0000000) - 0xc0000000;
						if((_t234 & 0xc0000000) != 0xc0000000) {
							L9:
							_t235 =  *_t190;
							_t237 = (_t235 & 0x0000003f) * 0x30;
							_t180 =  *((intOrPtr*)(0x422220 + (_t235 >> 6) * 4));
							_t33 = _t180 + _t237 + 0x28;
							 *_t33 =  *(_t180 + _t237 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E00350107(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t284 = _t277 - 0x18;
						_v44 = _t234 & 0x7fffffff;
						_t239 = 6;
						_push( &_v24);
						_push(_a12);
						memcpy(_t284,  &_v48, _t239 << 2);
						_t197 = 0;
						_t252 = E0036DF8D();
						_t277 = _t284 + 0x2c;
						_v12 = _t252;
						__eflags = _t252 - 0xffffffff;
						if(_t252 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E0035012A()) =  *_t186 & 0x00000000;
						 *_t190 = _t263;
						 *((intOrPtr*)(E0035013D())) = 0x18;
						goto L2;
					}
				} else {
					 *(E0035012A()) =  *_t188 & 0x00000000;
					 *_a8 = _t263;
					L2:
					return  *((intOrPtr*)(E0035013D()));
				}
			}

APIs
    • Part of subcall function 0036DF8D: CreateFileW.KERNEL32(00000000,00000000,?,0036E2F7,?,?,00000000,?,0036E2F7,00000000,0000000C), ref: 0036DFAA
  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0036E362
  • __dosmaperr.LIBCMT ref: 0036E369
  • GetFileType.KERNEL32(00000000), ref: 0036E375
  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0036E37F
  • __dosmaperr.LIBCMT ref: 0036E388
  • CloseHandle.KERNEL32(00000000), ref: 0036E3A8
  • CloseHandle.KERNEL32(00000040), ref: 0036E4F2
  • GetLastError.KERNEL32 ref: 0036E524
  • __dosmaperr.LIBCMT ref: 0036E52B
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
  • String ID:
  • API String ID: 4237864984-0
  • Opcode ID: 764803662ea0fe3b9b60a950043c81269990c23cd87936ec8c5a6f71e939b387
  • Instruction ID: 77330c43c4e1357a0e59c60d64ed567c1acb61c570c4ad140303b84eca20b1c7
  • Opcode Fuzzy Hash: 764803662ea0fe3b9b60a950043c81269990c23cd87936ec8c5a6f71e939b387
  • Instruction Fuzzy Hash: A6A1353AA101049FCF1BDF78DC51BAE7BA5AB06320F144299E8119F3A5DB318D1ACB51
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0015E690(intOrPtr __ecx, intOrPtr _a4, signed int _a8, intOrPtr _a12, signed int _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed char _t59;
				intOrPtr* _t63;
				signed char _t72;
				void* _t80;
				void* _t87;
				signed int _t132;
				void* _t135;

				_v8 = __ecx;
				_t59 = E0015EB60(_v8, _a12);
				_t137 = _t59 & 0x000000ff;
				if((_t59 & 0x000000ff) == 0) {
					E0015EF70(_v8, __eflags, _a4);
					_a8 = E0015EEC0(_v8, __eflags, _a4, _a8);
					_t63 = E0015EF30(_v8);
					__eflags = (_t132 | 0xffffffff) - _a16 -  *_t63 - _a8;
					if((_t132 | 0xffffffff) - _a16 <=  *_t63 - _a8) {
						E0015F060(_v8);
					}
					_v12 =  *((intOrPtr*)(E0015EF30(_v8))) - _a8 - _a4;
					__eflags = _a16 - _a8;
					if(_a16 < _a8) {
						_t87 = E0015F5B0(_v8);
						__eflags = E0015F5B0(_v8) + _a4 + _a16;
						E0015EFA0(_v8, E0015F5B0(_v8) + _a4 + _a16, _t87 + _a4 + _a8, _v12);
						_t135 = _t135 + 0xc;
					}
					_v16 =  *((intOrPtr*)(E0015EF30(_v8))) + _a16 - _a8;
					__eflags = _a16;
					if(__eflags > 0) {
						L8:
						_t72 = E0015F4B0(_v8, __eflags, _v16, 0);
						__eflags = _t72 & 0x000000ff;
						if((_t72 & 0x000000ff) != 0) {
							__eflags = _a8 - _a16;
							if(_a8 < _a16) {
								_t80 = E0015F5B0(_v8);
								__eflags = E0015F5B0(_v8) + _a4 + _a16;
								E0015EFA0(_v8, E0015F5B0(_v8) + _a4 + _a16, _t80 + _a4 + _a8, _v12);
								_t135 = _t135 + 0xc;
							}
							__eflags = E0015F5B0(_v8) + _a4;
							E0015F7B0(_v8, E0015F5B0(_v8) + _a4, _a12, _a16);
							E0015F910(_v8, _v16);
						}
						goto L12;
					} else {
						__eflags = _a8;
						if(__eflags <= 0) {
							L12:
							return _v8;
						}
						goto L8;
					}
				}
				return E0015E810(_v8, _t137, _a4, _a8, _v8, _a12 - E0015F5B0(_v8), _a16);
			}

APIs
    • Part of subcall function 0015EB60: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015EB71
    • Part of subcall function 0015EB60: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015EB7E
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E6B4
    • Part of subcall function 0015E810: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E8C9
    • Part of subcall function 0015E810: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E8D5
    • Part of subcall function 0015E810: char_traits.LIBCPMTD ref: 0015E8DE
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E738
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E747
  • char_traits.LIBCPMTD ref: 0015E753
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E79E
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E7AD
  • char_traits.LIBCPMTD ref: 0015E7B9
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0015E7CC
  • char_traits.LIBCPMTD ref: 0015E7D5
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
  • String ID:
  • API String ID: 1941806930-0
  • Opcode ID: d0d93675cd5a57a341c7e0e18d83960c82644f8054e16e6e2410c3d3b61fd373
  • Instruction ID: 8b3bf92ed14e9f608a6fc57d0c2f883ca43f01afa7d6cd4cb3dad3e7ba23430c
  • Opcode Fuzzy Hash: d0d93675cd5a57a341c7e0e18d83960c82644f8054e16e6e2410c3d3b61fd373
  • Instruction Fuzzy Hash: 2941FD76900008EFCB08EFA8D992D9E77B5AF58301F108569FD299F251DB30AF14DB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 62%
			E00211A90(void* __ecx, void* __eflags, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
				signed char _v12;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v32;
				void* __ebx;
				intOrPtr* __edi;
				intOrPtr* __esi;
				signed int* _t32;
				intOrPtr* _t48;
				intOrPtr* _t49;
				void* _t56;
				void* _t64;
				void* _t65;
				void* _t66;
				signed int _t69;

				_t66 = __ecx;
				E0015EF70(__ecx, __eflags, 0);
				_t48 = _a12;
				E0015EF70(_a8, __eflags, _t48);
				_t64 = E0015EEC0(_a8, __eflags, _t48, _a16);
				_t32 = E0015EF30(_t66);
				_t56 = _t66;
				if( !( *_t32) <= _t64) {
					E0015F060(_t56);
					asm("int3");
					_t56 = _t56 -  *((intOrPtr*)(_t56 - 4));
					_push(0xffffffff);
					_push(0x37aa36);
					_push( *[fs:0x0]);
					_push(_t48);
					_push(_t66);
					_push(_t64);
					_push( *0x414f64 ^ _t69);
					 *[fs:0x0] =  &_v32;
					_t65 = _t56;
					_t49 = _t65 - 0x60;
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t65 - 0x60)) + 4)) + _t65 - 0x60)) = 0x3e5f4c;
					 *((intOrPtr*)( *((intOrPtr*)( *_t49 + 4)) + _t65 - 0x64)) =  *((intOrPtr*)( *_t49 + 4)) - 0x60;
					_v24 = 0;
					 *((intOrPtr*)(_t65 - 0x50)) = 0x3e5bb8;
					E0020A3C0(_t65 - 0x50, _t65);
					E0017E280(_t65 - 0x50);
					E0017DEA0(_t65 - 0x48);
					E0017E2D0(_t65);
					if((_v12 & 0x00000001) != 0) {
						_push(0xa8);
						E0034550A(_t49);
					}
					 *[fs:0x0] = _v20;
					return _t49;
				} else {
					__eax = E0015EF30(__ecx);
					 *__eax =  *__eax + __edi;
					__eflags = __edi;
					if(__eflags == 0) {
						L9:
						__eax = __esi;
						return __esi;
					} else {
						__ecx = __esi;
						__eax = E0015F4B0(__esi, __eflags, __ebx, 0);
						__eflags = __al;
						if(__al == 0) {
							goto L9;
						} else {
							__ecx = __esi;
							__eax = E0015EF30(__esi);
							__ecx = __esi;
							__eax = E0015F5B0(__esi);
							__ecx = __esi;
							E0015F5B0(__ecx) = __eax + __edi;
							__eax = E0015EFA0(__ecx, __eax, __eax,  *__eax);
							__ecx = _a8;
							_push(__edi);
							__eflags = __esi - __ecx;
							if(__esi != __ecx) {
								__eax = E0015F5B0(__ecx);
								__eax = __eax + _a12;
								__eflags = __eax;
								__ecx = __esi;
								_push(__eax);
								_push(E0015F5B0(__ecx));
								__eax = E0015F7B0(__ecx);
								__esp = __esp + 0xc;
								__ecx = __esi;
								__eax = E0015F910(__esi, __ebx);
								goto L9;
							} else {
								__ecx = __esi;
								__eax = E0015F5B0(__esi);
								__edx = _a12;
								__eflags = __edx;
								__edx + __edi =  ==  ? __edx : __edx + __edi;
								__eax = __eax + ( ==  ? __edx : __edx + __edi);
								__eflags = __eax;
								__ecx = __esi;
								_push(__eax);
								_push(E0015F5B0(__ecx));
								__eax = E0015EFA0(__ecx);
								__esp = __esp + 0xc;
								__ecx = __esi;
								E0015F910(__esi, __ebx) = __esi;
								return __esi;
							}
						}
					}
				}
			}

APIs
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211AFC
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211B04
  • char_traits.LIBCPMTD ref: 00211B0C
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211B1E
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211B33
  • char_traits.LIBCPMTD ref: 00211B39
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211B52
  • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00211B5D
  • char_traits.LIBCPMTD ref: 00211B63
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Base::Concurrency::details::ContextIdentityQueueWork$char_traits
  • String ID:
  • API String ID: 1941806930-0
  • Opcode ID: f104609a6eb1be0a01b1f66835097801b312a0c8ea78868af36f4a4694571331
  • Instruction ID: b2f722d32a5c4f84f3e4d50145f295d051980ac9468d1a395b7aeda1f398ce93
  • Opcode Fuzzy Hash: f104609a6eb1be0a01b1f66835097801b312a0c8ea78868af36f4a4694571331
  • Instruction Fuzzy Hash: 0021087271011497CE087E749C52E6F775A9FA4756B04083EFD264F283EF359A1586A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 89%
			E0020B5D0(void* __ebx, signed char __ecx, unsigned int __edx, void* __edi, void* __esi) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v27;
				char _v28;
				void* _v52;
				short _v54;
				signed char _v56;
				intOrPtr _v60;
				signed char _v64;
				void* __ebp;
				signed int _t22;
				signed int _t23;
				signed char* _t32;
				void* _t105;
				signed char _t107;
				signed int _t109;

				_t105 = __edi;
				_t104 = __edx;
				_push(0xffffffff);
				_push(0x37acc1);
				_push( *[fs:0x0]);
				_t22 =  *0x414f64; // 0x48591883
				_t23 = _t22 ^ _t109;
				_v20 = _t23;
				_push(__ebx);
				_push(_t23);
				 *[fs:0x0] =  &_v16;
				_t52 = __edx;
				_t107 = __ecx;
				_v56 = __ecx;
				_v64 = __ecx;
				_v60 = 0;
				E0015ED50();
				_v8 = 0;
				_v60 = 1;
				if(__edx > 0x7f) {
					__eflags = __edx - 0x7ff;
					if(__edx > 0x7ff) {
						__eflags = __edx - 0xffff;
						if(__edx > 0xffff) {
							__eflags = __edx - 0x10ffff;
							if(__edx <= 0x10ffff) {
								E00168B50(__ecx, 4);
								 *(E00168900(_t107, 3)) = __edx & 0x0000003f | 0x00000080;
								 *(E00168900(_t107, 2)) = __edx >> 0x00000006 & 0x0000003f | 0x00000080;
								 *(E00168900(_t107, 1)) = __edx >> 0x0000000c & 0x0000003f | 0x00000080;
								_t32 = E00168900(_t107, 0);
								_t52 = __edx >> 0x00000012 & 0x00000007 | 0x000000f0;
								__eflags = _t52;
								goto L42;
							}
						} else {
							__eflags = __edx - 0x4e00;
							if(__edx < 0x4e00) {
								L7:
								__eflags = _t52 - 0xf900;
								if(_t52 < 0xf900) {
									L9:
									__eflags = _t52 - 0x3002;
									if(__eflags == 0) {
										goto L39;
									} else {
										__eflags = _t52 - 0xff1f;
										if(__eflags == 0) {
											goto L39;
										} else {
											__eflags = _t52 - 0xff01;
											if(__eflags == 0) {
												goto L39;
											} else {
												__eflags = _t52 - 0xff0c;
												if(__eflags == 0) {
													goto L39;
												} else {
													__eflags = _t52 - 0x3001;
													if(__eflags == 0) {
														goto L39;
													} else {
														__eflags = _t52 - 0xff1b;
														if(__eflags == 0) {
															goto L39;
														} else {
															__eflags = _t52 - 0xff1a;
															if(__eflags == 0) {
																goto L39;
															} else {
																__eflags = _t52 - 0x300c;
																if(__eflags == 0) {
																	goto L39;
																} else {
																	__eflags = _t52 - 0x300d;
																	if(__eflags == 0) {
																		goto L39;
																	} else {
																		__eflags = _t52 - 0x300e;
																		if(__eflags == 0) {
																			goto L39;
																		} else {
																			__eflags = _t52 - 0x300f;
																			if(__eflags == 0) {
																				goto L39;
																			} else {
																				__eflags = _t52 - 0x2018;
																				if(__eflags == 0) {
																					goto L39;
																				} else {
																					__eflags = _t52 - 0x2019;
																					if(__eflags == 0) {
																						goto L39;
																					} else {
																						__eflags = _t52 - 0x201c;
																						if(__eflags == 0) {
																							goto L39;
																						} else {
																							__eflags = _t52 - 0x201d;
																							if(__eflags == 0) {
																								goto L39;
																							} else {
																								__eflags = _t52 - 0xff08;
																								if(__eflags == 0) {
																									goto L39;
																								} else {
																									__eflags = _t52 - 0xff09;
																									if(__eflags == 0) {
																										goto L39;
																									} else {
																										__eflags = _t52 - 0x3014;
																										if(__eflags == 0) {
																											goto L39;
																										} else {
																											__eflags = _t52 - 0x3015;
																											if(__eflags == 0) {
																												goto L39;
																											} else {
																												__eflags = _t52 - 0x3010;
																												if(__eflags == 0) {
																													goto L39;
																												} else {
																													__eflags = _t52 - 0x3011;
																													if(__eflags == 0) {
																														goto L39;
																													} else {
																														__eflags = _t52 - 0x2014;
																														if(__eflags == 0) {
																															goto L39;
																														} else {
																															__eflags = _t52 - 0x2026;
																															if(__eflags == 0) {
																																goto L39;
																															} else {
																																__eflags = _t52 - 0x2013;
																																if(__eflags == 0) {
																																	goto L39;
																																} else {
																																	__eflags = _t52 - 0xff0e;
																																	if(__eflags == 0) {
																																		goto L39;
																																	} else {
																																		__eflags = _t52 - 0x300a;
																																		if(__eflags == 0) {
																																			goto L39;
																																		} else {
																																			__eflags = _t52 - 0x300b;
																																			if(__eflags == 0) {
																																				goto L39;
																																			} else {
																																				__eflags = _t52 - 0x3008;
																																				if(__eflags == 0) {
																																					goto L39;
																																				} else {
																																					__eflags = _t52 - 0x3009;
																																					if(__eflags == 0) {
																																						goto L39;
																																					} else {
																																						E00168B50(_t107, 3);
																																						 *(E00168900(_t107, 2)) = _t52 & 0x0000003f | 0x00000080;
																																						 *(E00168900(_t107, 1)) = _t52 >> 0x00000006 & 0x0000003f | 0x00000080;
																																						_t32 = E00168900(_t107, 0);
																																						_t52 = _t52 >> 0x0000000c & 0x0000000f | 0x000000e0;
																																						goto L42;
																																					}
																																				}
																																			}
																																		}
																																	}
																																}
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									__eflags = _t52 - 0xfa2d;
									if(__eflags <= 0) {
										goto L39;
									} else {
										goto L9;
									}
								}
							} else {
								__eflags = __edx - 0x9fa5;
								if(__eflags <= 0) {
									L39:
									_v56 = _t52;
									_push(0);
									_push(0);
									_v54 = 0;
									_v28 = 0;
									_v27 = 0;
									E00169EF0(E0035A138(_t52, _t104, _t105, __eflags));
									_push("chs");
									_push(0);
									_v8 = 1;
									E0035A138(_t52, _t104, _t105, __eflags);
									E0035A97A(0,  &_v28, 5,  &_v56, 2);
									E00167FD0(_t107,  &_v28);
									_push(E00169DB0());
									_push(0);
									E0035A138(_t52, _t104, _t105, __eflags);
									E0015FA10();
								} else {
									goto L7;
								}
							}
						}
					} else {
						E00168B50(__ecx, 2);
						 *(E00168900(_t107, 1)) = __edx & 0x0000003f | 0x00000080;
						_t32 = E00168900(_t107, 0);
						_t52 = __edx >> 0x00000006 & 0x0000001f | 0x000000c0;
						goto L42;
					}
				} else {
					E00168B50(__ecx, 1);
					_t32 = E00168900(_t107, 0);
					L42:
					 *_t32 = _t52;
				}
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t109);
			}

APIs
  • std::ios_base::clear.LIBCPMTD ref: 0020B627
    • Part of subcall function 00168900: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0016890A
  • std::ios_base::clear.LIBCPMTD ref: 0020B646
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: std::ios_base::clear$Base::Concurrency::details::ContextIdentityQueueWork
  • String ID: chs
  • API String ID: 4113138959-3522719042
  • Opcode ID: 20b768051e587e1cd2497f8df71bf82fa477b1fb99df32ba575b8cee6bb8ddf1
  • Instruction ID: 78cb08160fe489623afa277608ef1dd4f0dbf6fa6acd51d9eebfb6f8a730aca0
  • Opcode Fuzzy Hash: 20b768051e587e1cd2497f8df71bf82fa477b1fb99df32ba575b8cee6bb8ddf1
  • Instruction Fuzzy Hash: 417129606A23065AFF3B5E54CCF67BD2B5CDB11B10F18423AE945062F3CB7A0960D693
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 52%
			E00163B90(intOrPtr __ecx, signed int _a4, signed char _a5, signed char _a6, signed char _a7, signed char _a8, signed int _a9, signed int _a10, signed int _a11, signed char _a15) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v152;
				intOrPtr _v156;
				signed int _v160;
				intOrPtr _v164;
				signed int _v168;
				intOrPtr _v172;
				signed int _v176;
				intOrPtr _v180;
				signed int _v184;
				signed int _t53;
				signed int _t54;
				signed int _t60;
				signed int _t62;
				signed int _t64;
				signed int _t119;
				void* _t120;
				intOrPtr _t123;
				intOrPtr _t125;

				_t53 =  *0x414f64; // 0x48591883
				_t54 = _t53 ^ _t119;
				_v20 = _t54;
				 *[fs:0x0] =  &_v16;
				_v156 = __ecx;
				E00163DA0(_v156, _a4 & 0x000000ff);
				E00163F60(_v156, _a5 & 0x000000ff);
				E00164020(_v156, _a6 & 0x000000ff);
				__imp__??0CDuiString@DuiLib@@QAE@XZ(_t54,  *[fs:0x0], 0x371cdc, 0xffffffff);
				_v8 = 0;
				_t60 = _a9 & 0x000000ff;
				__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ( &_v152, L"%d", _t60);
				_t123 = _t120 - 0xa8 + 0xc - 0x84;
				_v164 = _t123;
				__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
				_v168 = _t60;
				L001640E0( &_v152);
				_t62 = _a10 & 0x000000ff;
				__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ( &_v152, L"%d", _t62);
				_t125 = _t123 + 0xc - 0x84;
				_v172 = _t125;
				__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
				_v176 = _t62;
				L00164310( &_v152);
				_t64 = _a11 & 0x000000ff;
				__imp__?Format@CDuiString@DuiLib@@QAAHPB_WZZ(L"%d", _t64);
				_v180 = _t125 + 0xc - 0x84;
				__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
				_v184 = _t64;
				L00164470( &_v152);
				_v160 = (_a9 & 0x000000ff) << 0x00000010 | 0xff000000 | (_a10 & 0x000000ff) << 0x00000008 | _a11 & 0x000000ff;
				E001645D0(_v156, _v160);
				E00164840(_v156, _v160);
				E001648A0(_v156, _a8 & 0x000000ff);
				E00164240(_v156, _a15 & 0x000000ff);
				E00164980(_v156, _a7 & 0x000000ff);
				E00164B20(_v156,  *((intOrPtr*)(_v156 + 0x8d0)), _a4 & 0x000000ff);
				_v8 = 0xffffffff;
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t119,  &_v152);
			}

APIs
    • Part of subcall function 00163DA0: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(48591883,light_combo_modeSelect), ref: 00163DC2
    • Part of subcall function 00163F60: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(48591883,deng_light_slider), ref: 00163F82
    • Part of subcall function 00164020: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(48591883,deng_speed_slider), ref: 00164042
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(?,?,?,48591883), ref: 00163BF7
  • ?Format@CDuiString@DuiLib@@QAAHPB_WZZ.DUILIB(?,003C51B4,?), ref: 00163C15
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?), ref: 00163C33
  • ?Format@CDuiString@DuiLib@@QAAHPB_WZZ.DUILIB(?,003C51BC,?), ref: 00163C5B
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?), ref: 00163C79
  • ?Format@CDuiString@DuiLib@@QAAHPB_WZZ.DUILIB(?,003C51C4,?), ref: 00163CA1
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?), ref: 00163CBF
    • Part of subcall function 001645D0: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_Color_Pallet), ref: 001645F2
    • Part of subcall function 00164840: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_colordp_btn,?,?,0016462E,00163D09), ref: 00164862
    • Part of subcall function 001648A0: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_7color_check), ref: 001648C4
    • Part of subcall function 00164240: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,light_combo_ZZCCmodeSelect), ref: 00164262
    • Part of subcall function 00164980: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_FXL_check), ref: 001649A2
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(?,?,00371CDC,?,?,?,?), ref: 00163D75
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@$FindI@2@ManagerName@PaintString@V32@$Format@V01@@
  • String ID:
  • API String ID: 3982660750-0
  • Opcode ID: 7ca9a07cd95b466ba240895cf56ee82bf4a5d2d7a29b40ef74a641f386b89575
  • Instruction ID: e3def9d8c6c363ab69fb1d92b1a26bb2882e78842f08c474c6772eb0ff282c30
  • Opcode Fuzzy Hash: 7ca9a07cd95b466ba240895cf56ee82bf4a5d2d7a29b40ef74a641f386b89575
  • Instruction Fuzzy Hash: C1519DB19042689BCB25EF74DC55BAEBBB9AF4A300F0481D9F55D96282CB345F84CF50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
			E00214860(void* __eflags, intOrPtr _a4) {
				char _v8;
				char _v16;
				signed char _v20;
				char _v24;
				signed int _v28;
				char _v80;
				void* __ebx;
				void* __edi;
				signed int _t20;
				intOrPtr* _t51;
				intOrPtr* _t54;
				signed int _t56;
				signed int _t57;

				_push(0xffffffff);
				_push(0x37b8c0);
				_push( *[fs:0x0]);
				_t20 =  *0x414f64; // 0x48591883
				_push(_t20 ^ _t57);
				 *[fs:0x0] =  &_v16;
				_t37 = 0;
				_v20 = 0;
				E003463E6( &_v24, 0);
				_v8 = 0;
				_t51 =  *0x427590;
				_t54 = E00168BC0(_a4, E00168B70(0x429c68));
				if(_t54 == 0) {
					if(_t51 == 0) {
						_t56 = E00214952(__eflags, 8);
						_v28 = _t56;
						_v8 = 1;
						__eflags = _t56;
						if(_t56 == 0) {
							_t54 = 0;
							__eflags = 0;
						} else {
							E00169080(0,  &_v80, _t51, __eflags, E00169190(_a4));
							_v8 = 2;
							_t37 = 1;
							_v20 = 1;
							E0016AFE0(0);
							 *_t56 = 0x3b7bd4;
						}
						_v8 = 0;
						__eflags = _t37 & 0x00000001;
						if(__eflags != 0) {
							E00169240(__eflags);
						}
						 *0x427590 = _t54;
						 *((intOrPtr*)( *_t54 + 4))();
						E00346163(__eflags, _t54);
					} else {
						_t54 = _t51;
					}
				}
				E0034643E( &_v24);
				 *[fs:0x0] = _v16;
				return _t54;
			}

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 00214891
  • int.LIBCPMTD ref: 002148A4
    • Part of subcall function 00168B70: std::_Lockit::_Lockit.LIBCPMT ref: 00168B86
    • Part of subcall function 00168B70: std::_Lockit::~_Lockit.LIBCPMT ref: 00168BB0
  • std::locale::c_str.LIBCPMTD ref: 002148DA
  • std::_Locinfo::_Locinfo.LIBCPMTD ref: 002148E3
  • std::locale::facet::facet.LIBCPMTD ref: 002148F8
  • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00214916
  • std::_Facet_Register.LIBCPMT ref: 00214929
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00214934
Similarity
  • API ID: std::_$Lockit$LocinfoLockit::_Lockit::~_$Facet_Locinfo::_Locinfo::~_Registerstd::locale::c_strstd::locale::facet::facet
  • String ID:
  • API String ID: 2666033953-0
  • Opcode ID: 552db5c78e9be587f6dc519bc62390bd02ac108ea4b50afa6ff345652bce20f9
  • Instruction ID: c92e70323d7e665a7b869b76f567ce0a7e54cf145567bf57f024b9b9391ae9fe
  • Opcode Fuzzy Hash: 552db5c78e9be587f6dc519bc62390bd02ac108ea4b50afa6ff345652bce20f9
  • Instruction Fuzzy Hash: 3821E1B1A04214ABCB11EF94C8527DFB7F8AF55710F10416AE809AB381DBB05E40C7C1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
			E002127F0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0, intOrPtr _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v44;
				char _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v84;
				signed int _v88;
				char _v92;
				signed int _t86;
				signed int _t87;
				signed int _t89;
				void* _t111;
				signed int _t115;

				_push(0xffffffff);
				_push(0x37b5f0);
				_push( *[fs:0x0]);
				_t86 =  *0x414f64; // 0x48591883
				_t87 = _t86 ^ _t115;
				_v20 = _t87;
				_push(_t87);
				 *[fs:0x0] =  &_v16;
				_t111 = __ecx;
				_t4 = _a4 + 8; // 0x6e6b6e55
				_t89 =  *_t4;
				if(_t89 > 7) {
					L21:
					 *[fs:0x0] = _v16;
					return E00344CC8(_v20 ^ _t115);
				}
				switch( *((intOrPtr*)(_t89 * 4 +  &M00212B30))) {
					case 0:
						E00169EF0("null");
						_v8 = 0;
						_t92 =  &_v44;
						goto L3;
					case 1:
						__ecx = __ebx;
						__eax = L00207A70(__ebx, __ebx, __edx, __edi, __fp0);
						__ecx =  &_v44;
						__eax = E00211BD0(__ecx, __esi, __eax, __edx);
						_v8 = 1;
						goto L3;
					case 2:
						__ecx = __ebx;
						__eax = L00207C00(__ebx, __edx, __edi, __esi);
						__ecx =  &_v44;
						__eax = E00211C70(__ecx, __esi, __eax, __edx);
						_v8 = 2;
						goto L3;
					case 3:
						__ecx = __ebx;
						__eax = L00207D80(__eax, __ebx, __ebx, __edx, __edi, __esi);
						asm("movaps xmm1, xmm0");
						__ecx =  &_v44;
						__eax = E00211E30(__ecx);
						_v8 = 3;
						goto L3;
					case 4:
						__eax =  &_v76;
						__ecx = __ebx;
						 &_v72 = E00207700(__ebx,  &_v72,  &_v76);
						__ecx =  &_v44;
						__eflags = __al;
						if(__al == 0) {
							__eax = E00169EF0(0x3e5c08);
							_v8 = 5;
							__eax =  &_v44;
						} else {
							__eax = _v76;
							__edx = _v72;
							_v76 - __edx = E002122C0(__ebx,  &_v44, __edx, __edi, __esi, _v76 - __edx);
							_v8 = 4;
						}
						__ecx = __edi;
						__eax = E00212FF0(__edi, __eax);
						__ecx =  &_v44;
						__eax = E0015FA10();
						goto L21;
					case 5:
						__ecx = __ebx;
						__eax = L00207E60(__ebx, __ebx, __edx);
						__ecx =  &_v44;
						__eax = E00211E60(__ecx, __edx);
						_v8 = 6;
						L3:
						_push(_t92);
						if( *((char*)(_t111 + 0x48)) == 0) {
							_t13 = _t111 + 0x10; // 0x3e1518
							E00180AC0(_t13);
							E0015FA10();
						} else {
							E002133A0();
							E0015FA10();
						}
						goto L21;
					case 6:
						__eax = E00212B50(__ebx, __ecx, __edx, __edi, __esi, __eflags, __fp0, __ebx);
						goto L21;
					case 7:
						__eax =  &_v88;
						__ecx = __ebx;
						__eax = E00208A30(__ebx, __ebx, __edi, __esi,  &_v88);
						_v8 = 7;
						__ecx =  &_v44;
						__eax = _v88;
						__eflags = __eax - _v84;
						__eax = __eax & 0xffffff00 | __eax == _v84;
						__eflags = __al;
						if(__al == 0) {
							E00169EF0(0x3e5fc4) =  &_v44;
							_v8 = 9;
							__ecx = __edi;
							__eax = E00213010(__edi, __eflags,  &_v44);
							__ecx =  &_v44;
							_v8 = 7;
							__eax = E0015FA10();
							__ecx = __edi;
							E00213070(__edi, __esi) =  &_v72;
							__ecx =  &_v88;
							__eax = E00213570( &_v88,  &_v72);
							__esi = _v72;
							__ecx = __ebx;
							__eax = E002087A0(__eflags, __esi);
							__ecx = __edi;
							_v76 = __eax;
							__eax = E002130E0(__ebx, __edi, __edi, __esi, __eax);
							__ecx = __esi;
							__edx = E00169DB0();
							__ecx =  &_v44;
							__eax = E00211EA0(__ebx,  &_v44, __eax, __edi, __esi);
							__ecx = __edi;
							_v8 = 0xa;
							__eax = E00213010(__edi, __eflags, __eax);
							__ecx =  &_v44;
							_v8 = 7;
							__eax = E0015FA10();
							_t54 = __edi + 0x10; // 0x3e1518
							__ecx = _t54;
							__eax = E001809D0(_t54, " : ");
							__esi = _v76;
							__ecx = __edi;
							__eax = E002127F0(__ebx, __edi, __edi, __esi, __fp0, __esi);
							_v72 = _v72 + 0x18;
							__eax =  &_v92;
							__ecx =  &_v88;
							__eax = E00213510( &_v88,  &_v92);
							__ecx = _v72;
							__eflags = _v72 -  *__eax;
							if(__eflags == 0) {
								L19:
								__ecx = __edi;
								__eax = E002132A0(__edi, __edi, __esi, __esi);
								_t75 = __edi + 0x28; // 0x3e1530
								__ecx = _t75;
								__eax = E00167FB0(_t75);
								_t76 = __edi + 0x44; // 0x65732074
								__eflags = __eax;
								_t77 = __edi + 0x28; // 0x3e1530
								__ecx = _t77;
								__eax = E00168B50(_t77, __eax);
								__ecx =  &_v68;
								E00169EF0(0x3e5fcc) =  &_v68;
								_v8 = 0xb;
								__ecx = __edi;
								__eax = E00213010(__edi, __eflags,  &_v68);
								__ecx =  &_v68;
								L20:
								__eax = E0015FA10();
								__ecx =  &_v88;
								__eax = E00169D30();
								goto L21;
							} else {
								goto L18;
							}
							do {
								L18:
								_t61 = __edi + 0x10; // 0x3e1518
								__ecx = _t61;
								__eax = E00168A70(_t61, __eflags, 1, 0x2c);
								__ecx = __edi;
								__eax = E002132A0(__edi, __edi, __esi, __esi);
								__esi = _v72;
								__ecx = __ebx;
								__eax = E002087A0(__eflags, __esi);
								__ecx = __edi;
								_v76 = __eax;
								__eax = E002130E0(__ebx, __edi, __edi, __esi, __eax);
								__ecx = __esi;
								__edx = E00169DB0();
								__ecx =  &_v44;
								__eax = E00211EA0(__ebx,  &_v44, __eax, __edi, __esi);
								__ecx = __edi;
								_v8 = 0xa;
								__eax = E00213010(__edi, __eflags, __eax);
								__ecx =  &_v44;
								_v8 = 7;
								__eax = E0015FA10();
								_t68 = __edi + 0x10; // 0x3e1518
								__ecx = _t68;
								__eax = E001809D0(_t68, " : ");
								__esi = _v76;
								__ecx = __edi;
								__eax = E002127F0(__ebx, __edi, __edi, __esi, __fp0, __esi);
								_v72 = _v72 + 0x18;
								__eax =  &_v92;
								__ecx =  &_v88;
								__eax = E00213510( &_v88,  &_v92);
								__ecx = _v72;
								__eflags = _v72 -  *__eax;
							} while (__eflags != 0);
							goto L19;
						}
						E00169EF0(0x3e5fc0) =  &_v44;
						_v8 = 8;
						__ecx = __edi;
						__eax = E00212FF0(__edi,  &_v44);
						__ecx =  &_v44;
						goto L20;
				}
			}

APIs
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 002129E8
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00212A6E
  • std::ios_base::clear.LIBCPMTD ref: 00212ADF
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00212B0B
Similarity
  • API ID: Container_base12Container_base12::~_std::_$std::ios_base::clear
  • String ID: : $null
  • API String ID: 3552915579-2804279426
  • Opcode ID: 2fcd48e9fa5d8d9850dc6d98a74a1c1e92a020655cd7358bc5ffce23e1d6d946
  • Instruction ID: fa55c5286dac42396d2bb20cb2b84bc6e64d07e7a72857e11683c746e568a46a
  • Opcode Fuzzy Hash: 2fcd48e9fa5d8d9850dc6d98a74a1c1e92a020655cd7358bc5ffce23e1d6d946
  • Instruction Fuzzy Hash: 16918771A20148DBCB05EFA4C891BEEB7B9AF64314F544429F40277282DF746F69CB61
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 73%
			E003626A0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16) {
				signed int _v8;
				signed char _v15;
				char _v16;
				void _v24;
				short _v28;
				char _v31;
				void _v32;
				long _v36;
				intOrPtr _v40;
				void* _v44;
				signed int _v48;
				signed char* _v52;
				long _v56;
				int _v60;
				signed int _t78;
				signed int _t80;
				int _t86;
				void* _t94;
				long _t97;
				void _t105;
				void* _t112;
				signed int _t116;
				signed int _t118;
				signed char _t123;
				signed char _t128;
				intOrPtr _t129;
				signed int _t131;
				signed char* _t133;
				intOrPtr* _t135;
				signed int _t136;
				void* _t137;

				_t78 =  *0x414f64; // 0x48591883
				_v8 = _t78 ^ _t136;
				_t80 = _a8;
				_t118 = _t80 >> 6;
				_t116 = (_t80 & 0x0000003f) * 0x30;
				_t133 = _a12;
				_v52 = _t133;
				_v48 = _t118;
				_t9 = _t116 + 0x18; // 0x14458b08
				_v44 =  *((intOrPtr*)( *((intOrPtr*)(0x422220 + _t118 * 4)) + _t9));
				_v40 = _a16 + _t133;
				_t86 = GetConsoleCP();
				_t135 = _a4;
				_v60 = _t86;
				 *_t135 = 0;
				 *((intOrPtr*)(_t135 + 4)) = 0;
				 *((intOrPtr*)(_t135 + 8)) = 0;
				while(_t133 < _v40) {
					_v28 = 0;
					_v31 =  *_t133;
					_t129 =  *((intOrPtr*)(0x422220 + _v48 * 4));
					_t123 =  *(_t129 + _t116 + 0x2d);
					if((_t123 & 0x00000004) == 0) {
						if(( *(E0035FA79(_t116, _t129) + ( *_t133 & 0x000000ff) * 2) & 0x00008000) == 0) {
							_push(1);
							_push(_t133);
							goto L8;
						} else {
							if(_t133 >= _v40) {
								_t131 = _v48;
								 *((char*)( *((intOrPtr*)(0x422220 + _t131 * 4)) + _t116 + 0x2e)) =  *_t133;
								 *( *((intOrPtr*)(0x422220 + _t131 * 4)) + _t116 + 0x2d) =  *( *((intOrPtr*)(0x422220 + _t131 * 4)) + _t116 + 0x2d) | 0x00000004;
								 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
							} else {
								_t112 = E0036183A( &_v28, _t133, 2);
								_t137 = _t137 + 0xc;
								if(_t112 != 0xffffffff) {
									_t133 =  &(_t133[1]);
									goto L9;
								}
							}
						}
					} else {
						_t128 = _t123 & 0x000000fb;
						_v16 =  *((intOrPtr*)(_t129 + _t116 + 0x2e));
						_push(2);
						_v15 = _t128;
						 *(_t129 + _t116 + 0x2d) = _t128;
						_push( &_v16);
						L8:
						_push( &_v28);
						_t94 = E0036183A();
						_t137 = _t137 + 0xc;
						if(_t94 != 0xffffffff) {
							L9:
							_t133 =  &(_t133[1]);
							_t97 = WideCharToMultiByte(_v60, 0,  &_v28, 1,  &_v24, 5, 0, 0);
							_v56 = _t97;
							if(_t97 != 0) {
								if(WriteFile(_v44,  &_v24, _t97,  &_v36, 0) == 0) {
									L19:
									 *_t135 = GetLastError();
								} else {
									 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 8)) - _v52 + _t133;
									if(_v36 >= _v56) {
										if(_v31 != 0xa) {
											goto L16;
										} else {
											_t105 = 0xd;
											_v32 = _t105;
											if(WriteFile(_v44,  &_v32, 1,  &_v36, 0) == 0) {
												goto L19;
											} else {
												if(_v36 >= 1) {
													 *((intOrPtr*)(_t135 + 8)) =  *((intOrPtr*)(_t135 + 8)) + 1;
													 *((intOrPtr*)(_t135 + 4)) =  *((intOrPtr*)(_t135 + 4)) + 1;
													goto L16;
												}
											}
										}
									}
								}
							}
						}
					}
					goto L20;
					L16:
				}
				L20:
				return E00344CC8(_v8 ^ _t136);
			}

APIs
  • GetConsoleCP.KERNEL32(00000000,00363816,04488914,?,?,?,?,?,?,00362E15,0036F0B7,00363816,00000000,00363816,00363816,00000000), ref: 003626E2
  • __fassign.LIBCMT ref: 0036275D
  • __fassign.LIBCMT ref: 00362778
  • WideCharToMultiByte.KERNEL32(?,00000000,00363816,00000001,00000000,00000005,00000000,00000000), ref: 0036279E
  • WriteFile.KERNEL32(?,00000000,00000000,00362E15,00000000,?,?,?,?,?,?,?,?,?,00362E15,0036F0B7), ref: 003627BD
  • WriteFile.KERNEL32(?,0036F0B7,00000001,00362E15,00000000,?,?,?,?,?,?,?,?,?,00362E15,0036F0B7), ref: 003627F6
Similarity
  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
  • String ID:
  • API String ID: 1324828854-0
  • Opcode ID: eeca9461ee925f2c48c33caf2fccc3aae07d9f67de1c74f7014a5f95625c7852
  • Instruction ID: 7edbe3d9fb25128efcdbec5a687a0d440e30555fa29cadd95903a205d3c17243
  • Opcode Fuzzy Hash: eeca9461ee925f2c48c33caf2fccc3aae07d9f67de1c74f7014a5f95625c7852
  • Instruction Fuzzy Hash: 6E51D470A00605AFCB16CFA8DC85EEFBBF8EF18300F15816AE955E7255D7309941CB60
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00369745(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E0036948C(_t45, 7);
					E0036948C(_t45 + 0x1c, 7);
					E0036948C(_t45 + 0x38, 0xc);
					E0036948C(_t45 + 0x68, 0xc);
					E0036948C(_t45 + 0x98, 2);
					E00360415( *((intOrPtr*)(_t45 + 0xa0)));
					E00360415( *((intOrPtr*)(_t45 + 0xa4)));
					E00360415( *((intOrPtr*)(_t45 + 0xa8)));
					E0036948C(_t45 + 0xb4, 7);
					E0036948C(_t45 + 0xd0, 7);
					E0036948C(_t45 + 0xec, 0xc);
					E0036948C(_t45 + 0x11c, 0xc);
					E0036948C(_t45 + 0x14c, 2);
					E00360415( *((intOrPtr*)(_t45 + 0x154)));
					E00360415( *((intOrPtr*)(_t45 + 0x158)));
					E00360415( *((intOrPtr*)(_t45 + 0x15c)));
					return E00360415( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}

APIs
    • Part of subcall function 0036948C: _free.LIBCMT ref: 003694B5
  • _free.LIBCMT ref: 00369793
    • Part of subcall function 00360415: HeapFree.KERNEL32(00000000,00000000,?,003694BA,?,00000000,?,00000000,?,0036975E,?,00000007,?,?,00369BDA,?), ref: 0036042B
    • Part of subcall function 00360415: GetLastError.KERNEL32(?,?,003694BA,?,00000000,?,00000000,?,0036975E,?,00000007,?,?,00369BDA,?,?), ref: 0036043D
  • _free.LIBCMT ref: 0036979E
  • _free.LIBCMT ref: 003697A9
  • _free.LIBCMT ref: 003697FD
  • _free.LIBCMT ref: 00369808
  • _free.LIBCMT ref: 00369813
  • _free.LIBCMT ref: 0036981E
Similarity
  • API ID: _free$ErrorFreeHeapLast
  • String ID:
  • API String ID: 776569668-0
  • Opcode ID: fe66aa793b3578a7cbc47756d21923e0d1c19428c7d0aa02cf8d30d036a9ffbd
  • Instruction ID: e22efe1cbf06b552c66d49c069a914108164198eea776af25cf9e63d240a4c48
  • Opcode Fuzzy Hash: fe66aa793b3578a7cbc47756d21923e0d1c19428c7d0aa02cf8d30d036a9ffbd
  • Instruction Fuzzy Hash: C8114A31540B08AADE33FBB2CD07FDB7B9C9F40701F40C966B2996A056DE78A5058A91
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 95%
			E0034BF01(void* __ecx) {
				void* _t4;
				void* _t11;
				void* _t16;
				long _t25;
				void* _t28;

				if( *0x414ff0 != 0xffffffff) {
					_t25 = GetLastError();
					_t11 = E0034BD56(__eflags,  *0x414ff0);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E0034BD90(__eflags,  *0x414ff0, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_t28 = E0035FA1C(_t16, 1, 0x28);
								__eflags = _t28;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E0034BD90(__eflags,  *0x414ff0, 0);
								} else {
									__eflags = E0034BD90(__eflags,  *0x414ff0, _t28);
									if(__eflags != 0) {
										_t11 = _t28;
										_t28 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E00360415(_t28);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t25);
					return _t11;
				} else {
					return 0;
				}
			}

APIs
  • GetLastError.KERNEL32(?,?,0034BEF8,00348B3D,0017FDAB,48591883,?,00000000,00370E90,000000FF,?,0017FCAF,48591883,48591883,?,0020A6F3), ref: 0034BF0F
  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0034BF1D
  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0034BF36
  • SetLastError.KERNEL32(00000000,0017FCAF,48591883,48591883,?,0020A6F3), ref: 0034BF88
Similarity
  • API ID: ErrorLastValue___vcrt_
  • String ID:
  • API String ID: 3852720340-0
  • Opcode ID: 67e41d13302922f1b0190bcdd4efe22a649f6f68db4b1f4a955a597383c28d07
  • Instruction ID: bdc5e4384c9734a669361562850ad930879ace532611fc9b054f6256d1d34906
  • Opcode Fuzzy Hash: 67e41d13302922f1b0190bcdd4efe22a649f6f68db4b1f4a955a597383c28d07
  • Instruction Fuzzy Hash: 1901283310C3129FE6172B757C8596AA7D8DB523707214379F4248D1F0EF11EC055A94
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 71%
			E0035F005(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, signed int _a8, intOrPtr _a12) {
				signed int _v8;
				short _v270;
				short _v272;
				char _v528;
				char _v700;
				signed int _v704;
				signed int _v708;
				short _v710;
				signed int* _v712;
				signed int _v716;
				signed int _v720;
				signed int _v724;
				signed int* _v728;
				signed int _v732;
				signed int _v736;
				signed int _v740;
				signed int _v744;
				signed int _t149;
				void* _t156;
				signed int _t157;
				signed int _t158;
				intOrPtr _t159;
				signed int _t162;
				signed int _t166;
				signed int _t167;
				signed int _t172;
				signed int _t173;
				signed int _t175;
				signed int _t195;
				signed int _t196;
				signed int _t199;
				signed int _t204;
				signed int _t207;
				intOrPtr* _t213;
				intOrPtr* _t214;
				signed int _t225;
				signed int _t228;
				intOrPtr* _t229;
				signed int _t231;
				signed int* _t235;
				void* _t243;
				signed int _t244;
				intOrPtr _t246;
				signed int _t251;
				signed int _t253;
				signed int _t257;
				signed int* _t258;
				intOrPtr* _t259;
				short _t260;
				signed int _t262;
				signed int _t264;
				void* _t266;
				void* _t268;

				_t262 = _t264;
				_t149 =  *0x414f64; // 0x48591883
				_v8 = _t149 ^ _t262;
				_push(__ebx);
				_t207 = _a8;
				_push(__esi);
				_push(__edi);
				_t246 = _a4;
				_v744 = _t207;
				_v728 = E0036098D(_t207, __ecx, __edx) + 0x278;
				_push( &_v708);
				_t156 = E0035E74F(_t207, __edx, _t246, _a12, _a12,  &_v272, 0x83,  &_v700, 0x55);
				_t266 = _t264 - 0x2e4 + 0x18;
				if(_t156 != 0) {
					_t11 = _t207 + 2; // 0x6
					_t251 = _t11 << 4;
					__eflags = _t251;
					_t157 =  &_v272;
					_v716 = _t251;
					_t213 =  *((intOrPtr*)(_t251 + _t246));
					while(1) {
						_v704 = _v704 & 0x00000000;
						__eflags =  *_t157 -  *_t213;
						_t253 = _v716;
						if( *_t157 !=  *_t213) {
							break;
						}
						__eflags =  *_t157;
						if( *_t157 == 0) {
							L9:
							_t158 = _v704;
						} else {
							_t260 =  *((intOrPtr*)(_t157 + 2));
							__eflags = _t260 -  *((intOrPtr*)(_t213 + 2));
							_v710 = _t260;
							_t253 = _v716;
							if(_t260 !=  *((intOrPtr*)(_t213 + 2))) {
								break;
							} else {
								_t157 = _t157 + 4;
								_t213 = _t213 + 4;
								__eflags = _v710;
								if(_v710 != 0) {
									continue;
								} else {
									goto L9;
								}
							}
						}
						L11:
						__eflags = _t158;
						if(_t158 != 0) {
							_t214 =  &_v272;
							_t243 = _t214 + 2;
							do {
								_t159 =  *_t214;
								_t214 = _t214 + 2;
								__eflags = _t159 - _v704;
							} while (_t159 != _v704);
							_v720 = (_t214 - _t243 >> 1) + 1;
							_t162 = E003600B9(_t214 - _t243 >> 1, 4 + ((_t214 - _t243 >> 1) + 1) * 2);
							_v732 = _t162;
							__eflags = _t162;
							if(_t162 == 0) {
								goto L2;
							} else {
								_v724 =  *((intOrPtr*)(_t253 + _t246));
								_t35 = _t207 * 4; // 0xb814
								_v736 =  *((intOrPtr*)(_t246 + _t35 + 0xa0));
								_t38 = _t246 + 8; // 0x8b56ff8b
								_v740 =  *_t38;
								_t223 =  &_v272;
								_v712 = _t162 + 4;
								_t166 = E00356EA6(_t162 + 4, _v720,  &_v272);
								_t268 = _t266 + 0xc;
								__eflags = _t166;
								if(_t166 != 0) {
									_t167 = _v704;
									_push(_t167);
									_push(_t167);
									_push(_t167);
									_push(_t167);
									_push(_t167);
									E0034D694();
									asm("int3");
									return  *0x421fe4;
								} else {
									__eflags = _v272 - 0x43;
									 *((intOrPtr*)(_t253 + _t246)) = _v712;
									if(_v272 != 0x43) {
										L20:
										_t172 = E0035E45C(_t207, _t223, _t246,  &_v700);
										_t225 = _v704;
										 *(_t246 + 0xa0 + _t207 * 4) = _t172;
									} else {
										__eflags = _v270;
										if(_v270 != 0) {
											goto L20;
										} else {
											_t225 = _v704;
											 *(_t246 + 0xa0 + _t207 * 4) = _t225;
										}
									}
									__eflags = _t207 - 2;
									if(_t207 != 2) {
										__eflags = _t207 - 1;
										if(_t207 != 1) {
											__eflags = _t207 - 5;
											if(_t207 == 5) {
												 *((intOrPtr*)(_t246 + 0x14)) = _v708;
											}
										} else {
											 *((intOrPtr*)(_t246 + 0x10)) = _v708;
										}
									} else {
										_t258 = _v728;
										_t244 = _t225;
										_t235 = _t258;
										 *(_t246 + 8) = _v708;
										_v712 = _t258;
										_v720 = _t258[8];
										_v708 = _t258[9];
										while(1) {
											_t64 = _t246 + 8; // 0x8b56ff8b
											__eflags =  *_t64 -  *_t235;
											if( *_t64 ==  *_t235) {
												break;
											}
											_t259 = _v712;
											_t244 = _t244 + 1;
											_t204 =  *_t235;
											 *_t259 = _v720;
											_v708 = _t235[1];
											_t235 = _t259 + 8;
											 *((intOrPtr*)(_t259 + 4)) = _v708;
											_t207 = _v744;
											_t258 = _v728;
											_v720 = _t204;
											_v712 = _t235;
											__eflags = _t244 - 5;
											if(_t244 < 5) {
												continue;
											} else {
											}
											L28:
											__eflags = _t244 - 5;
											if(__eflags == 0) {
												_t88 = _t246 + 8; // 0x8b56ff8b
												_t195 = E003698A8(_t207, _t244, _t246, _t258, __eflags, _v704, 1, 0x3ba7b8, 0x7f,  &_v528,  *_t88, 1);
												_t268 = _t268 + 0x1c;
												__eflags = _t195;
												_t196 = _v704;
												if(_t195 == 0) {
													_t258[1] = _t196;
												} else {
													do {
														 *(_t262 + _t196 * 2 - 0x20c) =  *(_t262 + _t196 * 2 - 0x20c) & 0x000001ff;
														_t196 = _t196 + 1;
														__eflags = _t196 - 0x7f;
													} while (_t196 < 0x7f);
													_t199 = E0034A176( &_v528,  *0x415130, 0xfe);
													_t268 = _t268 + 0xc;
													__eflags = _t199;
													_t258[1] = 0 | _t199 == 0x00000000;
												}
												_t103 = _t246 + 8; // 0x8b56ff8b
												 *_t258 =  *_t103;
											}
											 *(_t246 + 0x18) = _t258[1];
											goto L39;
										}
										__eflags = _t244;
										if(_t244 != 0) {
											 *_t258 =  *(_t258 + _t244 * 8);
											_t258[1] =  *(_t258 + 4 + _t244 * 8);
											 *(_t258 + _t244 * 8) = _v720;
											 *(_t258 + 4 + _t244 * 8) = _v708;
										}
										goto L28;
									}
									L39:
									_t173 = _t207 * 0xc;
									_t110 = _t173 + 0x3ba6f8; // 0x265d4a
									 *0x38a1c8(_t246);
									_t175 =  *((intOrPtr*)( *_t110))();
									_t228 = _v724;
									__eflags = _t175;
									if(_t175 == 0) {
										__eflags = _t228 - 0x415208;
										if(_t228 != 0x415208) {
											_t257 = _t207 + _t207;
											__eflags = _t257;
											asm("lock xadd [eax], ecx");
											if(_t257 != 0) {
												goto L44;
											} else {
												_t128 = _t257 * 8; // 0x30ff068b
												E00360415( *((intOrPtr*)(_t246 + _t128 + 0x28)));
												_t131 = _t257 * 8; // 0x30ff0c46
												E00360415( *((intOrPtr*)(_t246 + _t131 + 0x24)));
												_t134 = _t207 * 4; // 0xb814
												E00360415( *((intOrPtr*)(_t246 + _t134 + 0xa0)));
												_t231 = _v704;
												 *((intOrPtr*)(_v716 + _t246)) = _t231;
												 *(_t246 + 0xa0 + _t207 * 4) = _t231;
											}
										}
										_t229 = _v732;
										 *_t229 = 1;
										 *((intOrPtr*)(_t246 + 0x28 + (_t207 + _t207) * 8)) = _t229;
									} else {
										 *(_v716 + _t246) = _t228;
										_t115 = _t207 * 4; // 0xb814
										E00360415( *((intOrPtr*)(_t246 + _t115 + 0xa0)));
										 *(_t246 + 0xa0 + _t207 * 4) = _v736;
										E00360415(_v732);
										 *(_t246 + 8) = _v740;
										goto L2;
									}
									goto L3;
								}
							}
						} else {
							goto L3;
						}
						goto L48;
					}
					asm("sbb eax, eax");
					_t158 = _t157 | 0x00000001;
					__eflags = _t158;
					goto L11;
				} else {
					L2:
					L3:
					return E00344CC8(_v8 ^ _t262);
				}
				L48:
			}

APIs
    • Part of subcall function 0036098D: GetLastError.KERNEL32(?,00000000,0034D338,00000000,?,?,00367A5E,?,00000020,?,?,?,0035D143,?,UTF-8,00000005), ref: 00360991
    • Part of subcall function 0036098D: _free.LIBCMT ref: 003609C4
    • Part of subcall function 0036098D: SetLastError.KERNEL32(00000000,00000020,?,?,?,0035D143,?,UTF-8,00000005,?,0019E626,00000000,00356348,?,?,0019E626), ref: 00360A05
    • Part of subcall function 0036098D: _abort.LIBCMT ref: 00360A0B
  • _memcmp.LIBVCRUNTIME ref: 0035F2AF
  • _free.LIBCMT ref: 0035F320
  • _free.LIBCMT ref: 0035F339
  • _free.LIBCMT ref: 0035F36B
  • _free.LIBCMT ref: 0035F374
  • _free.LIBCMT ref: 0035F380
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$ErrorLast$_abort_memcmp
  • String ID:
  • API String ID: 1679612858-0
  • Opcode ID: 5631163948d98e2cb2dcfe11d28c17fc9bca9aba997590a5a32b3a15d196a4ff
  • Instruction ID: 1fe5248336bd0d34b1d59f2955c7939dccbf7df883af9c828d04df81b1e8dc72
  • Opcode Fuzzy Hash: 5631163948d98e2cb2dcfe11d28c17fc9bca9aba997590a5a32b3a15d196a4ff
  • Instruction Fuzzy Hash: 4EB16975901219DFDB26DF18C885AADB7B4FF08305F5485EAE809A7361D731AE84CF40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 69%
			E003676F5(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, char* _a16, int _a20, intOrPtr _a24, short* _a28, int _a32, intOrPtr _a36) {
				signed int _v8;
				int _v12;
				void* _v24;
				signed int _t49;
				signed int _t54;
				int _t58;
				signed int _t60;
				short* _t62;
				signed int _t66;
				short* _t70;
				int _t71;
				int _t78;
				short* _t81;
				signed int _t87;
				signed int _t90;
				void* _t95;
				void* _t96;
				int _t98;
				short* _t101;
				int _t103;
				signed int _t106;
				short* _t107;
				void* _t110;

				_push(__ecx);
				_push(__ecx);
				_t49 =  *0x414f64; // 0x48591883
				_v8 = _t49 ^ _t106;
				_push(__esi);
				_t103 = _a20;
				if(_t103 > 0) {
					_t78 = E003603F9(_a16, _t103);
					_t110 = _t78 - _t103;
					_t4 = _t78 + 1; // 0x1
					_t103 = _t4;
					if(_t110 >= 0) {
						_t103 = _t78;
					}
				}
				_t98 = _a32;
				if(_t98 == 0) {
					_t98 =  *( *_a4 + 8);
					_a32 = _t98;
				}
				_t54 = MultiByteToWideChar(_t98, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t103, 0, 0);
				_v12 = _t54;
				if(_t54 == 0) {
					L38:
					return E00344CC8(_v8 ^ _t106);
				} else {
					_t95 = _t54 + _t54;
					_t85 = _t95 + 8;
					asm("sbb eax, eax");
					if((_t95 + 0x00000008 & _t54) == 0) {
						_t81 = 0;
						__eflags = 0;
						L14:
						if(_t81 == 0) {
							L36:
							_t105 = 0;
							L37:
							E00347108(_t81);
							goto L38;
						}
						_t58 = MultiByteToWideChar(_t98, 1, _a16, _t103, _t81, _v12);
						_t121 = _t58;
						if(_t58 == 0) {
							goto L36;
						}
						_t100 = _v12;
						_t60 = E003611B4(_t85, _t103, _t121, _a8, _a12, _t81, _v12, 0, 0, 0, 0, 0);
						_t105 = _t60;
						if(_t105 == 0) {
							goto L36;
						}
						if((_a12 & 0x00000400) == 0) {
							_t96 = _t105 + _t105;
							_t87 = _t96 + 8;
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							__eflags = _t87 & _t60;
							if((_t87 & _t60) == 0) {
								_t101 = 0;
								__eflags = 0;
								L30:
								__eflags = _t101;
								if(__eflags == 0) {
									L35:
									E00347108(_t101);
									goto L36;
								}
								_t62 = E003611B4(_t87, _t105, __eflags, _a8, _a12, _t81, _v12, _t101, _t105, 0, 0, 0);
								__eflags = _t62;
								if(_t62 == 0) {
									goto L35;
								}
								_push(0);
								_push(0);
								__eflags = _a28;
								if(_a28 != 0) {
									_push(_a28);
									_push(_a24);
								} else {
									_push(0);
									_push(0);
								}
								_t105 = WideCharToMultiByte(_a32, 0, _t101, _t105, ??, ??, ??, ??);
								__eflags = _t105;
								if(_t105 != 0) {
									E00347108(_t101);
									goto L37;
								} else {
									goto L35;
								}
							}
							_t90 = _t96 + 8;
							__eflags = _t96 - _t90;
							asm("sbb eax, eax");
							_t66 = _t60 & _t90;
							_t87 = _t96 + 8;
							__eflags = _t66 - 0x400;
							if(_t66 > 0x400) {
								__eflags = _t96 - _t87;
								asm("sbb eax, eax");
								_t101 = E003600B9(_t87, _t66 & _t87);
								_pop(_t87);
								__eflags = _t101;
								if(_t101 == 0) {
									goto L35;
								}
								 *_t101 = 0xdddd;
								L28:
								_t101 =  &(_t101[4]);
								goto L30;
							}
							__eflags = _t96 - _t87;
							asm("sbb eax, eax");
							E003458C0();
							_t101 = _t107;
							__eflags = _t101;
							if(_t101 == 0) {
								goto L35;
							}
							 *_t101 = 0xcccc;
							goto L28;
						}
						_t70 = _a28;
						if(_t70 == 0) {
							goto L37;
						}
						_t125 = _t105 - _t70;
						if(_t105 > _t70) {
							goto L36;
						}
						_t71 = E003611B4(0, _t105, _t125, _a8, _a12, _t81, _t100, _a24, _t70, 0, 0, 0);
						_t105 = _t71;
						if(_t71 != 0) {
							goto L37;
						}
						goto L36;
					}
					asm("sbb eax, eax");
					_t72 = _t54 & _t95 + 0x00000008;
					_t85 = _t95 + 8;
					if((_t54 & _t95 + 0x00000008) > 0x400) {
						__eflags = _t95 - _t85;
						asm("sbb eax, eax");
						_t81 = E003600B9(_t85, _t72 & _t85);
						_pop(_t85);
						__eflags = _t81;
						if(__eflags == 0) {
							goto L36;
						}
						 *_t81 = 0xdddd;
						L12:
						_t81 =  &(_t81[4]);
						goto L14;
					}
					asm("sbb eax, eax");
					E003458C0();
					_t81 = _t107;
					if(_t81 == 0) {
						goto L36;
					}
					 *_t81 = 0xcccc;
					goto L12;
				}
			}

APIs
  • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0034F6EB,0034F6EB,?,?,?,00367946,00000001,00000001,ACE85006), ref: 0036774F
  • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00367946,00000001,00000001,ACE85006,?,?,?), ref: 003677D5
  • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,ACE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 003678CF
  • __freea.LIBCMT ref: 003678DC
    • Part of subcall function 003600B9: HeapAlloc.KERNEL32(00000000,?,00000004,?,0036011C,?,00000000,?,0035C240,?,00000004,FFFFFFFF,?,?,?,0035F6AB), ref: 003600EB
  • __freea.LIBCMT ref: 003678E5
  • __freea.LIBCMT ref: 0036790A
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ByteCharMultiWide__freea$AllocHeap
  • String ID:
  • API String ID: 3147120248-0
  • Opcode ID: 06f22071f166b330b7e258783587fad2623c4f406b143ee8d3239dd924965bb4
  • Instruction ID: 103cc1a26b3843258d149176b2c2245fd9a959cecd488213bb8689c478ef08ce
  • Opcode Fuzzy Hash: 06f22071f166b330b7e258783587fad2623c4f406b143ee8d3239dd924965bb4
  • Instruction Fuzzy Hash: FD510472614216AFDB278F64CC46EBF37A9EB44758F668229FC05DB144DB34DC40D6A0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E002104E0(intOrPtr __ecx, void* __eflags, char _a4) {
				intOrPtr* _t7;
				intOrPtr* _t8;
				void* _t12;
				intOrPtr* _t15;
				void* _t18;
				void* _t23;
				void* _t26;
				void* _t27;
				void* _t33;
				intOrPtr* _t36;
				void* _t39;
				intOrPtr* _t43;
				intOrPtr _t44;
				void* _t45;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t55;
				void* _t71;
				void* _t73;
				char _t74;
				void* _t75;
				intOrPtr* _t76;
				void* _t77;

				_t44 = __ecx;
				_t7 = E0015F8E0(__ecx);
				_t74 = _a4;
				_t47 = _t74;
				if( *_t7 < 0x10) {
					_t8 = E0015F8E0(_t47);
					_t48 = _t74;
					if( *_t8 >= 0x10) {
						_a4 =  *((intOrPtr*)(E0015F7E0(_t48)));
						_t12 = E0015E530(E0015F7E0(_t74));
						E0015F790(E0015F0C0(_t44), _t12);
						_t15 = E0015EF30(_t44);
						_t18 = E0015F7E0(_t44);
						E0015F7B0(_t74, E0015F7E0(_t74), _t18,  *_t15 + 1);
						_t55 = _t44;
						goto L4;
					} else {
						_t26 = E0015F7E0(_t48);
						_t58 = _t44;
						_t71 = _t26;
						_t27 = E0015F7E0(_t44);
						_t75 = _t27;
						if(_t75 != _t71) {
							_t4 = _t75 + 0x10; // 0x10
							_t45 = _t4;
							if(_t75 != _t45) {
								_t73 = _t71 - _t75;
								do {
									_t27 = E001C4820(_t58, _t75, _t73 + _t75);
									_t75 = _t75 + 1;
									_t77 = _t77 + 8;
								} while (_t75 != _t45);
							}
						}
						return _t27;
					}
				} else {
					if( *((intOrPtr*)(E0015F8E0(_t47))) < 0x10) {
						_a4 =  *((intOrPtr*)(E0015F7E0(_t44)));
						_t33 = E0015E530(E0015F7E0(_t44));
						E0015F790(E0015F0C0(_t44), _t33);
						_t36 = E0015EF30(_t74);
						_t39 = E0015F7E0(_t74);
						E0015F7B0(_t44, E0015F7E0(_t44), _t39,  *_t36 + 1);
						_t55 = _t74;
						L4:
						_t23 = E0015E530(E0015F7E0(_t55));
						return E0015F2A0(E0015F0C0(_t44), _t23,  &_a4);
					} else {
						_t76 = E0015F7E0(_t74);
						_t43 = E0015F7E0(_t44);
						 *_t43 =  *_t76;
						 *_t76 =  *_t43;
						return _t43;
					}
				}
			}

APIs
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: char_traitsconstructswaptype_info::name
  • String ID:
  • API String ID: 1149031155-0
  • Opcode ID: 7d0700c98f9c6989cf694ec60fbb7f6bab04265ff4facadb1acd2cf63d21fedd
  • Instruction ID: 4d198e8ca722011a3a0a0f6e9582737660480e29069d4b0c0656d740b7b909dd
  • Opcode Fuzzy Hash: 7d0700c98f9c6989cf694ec60fbb7f6bab04265ff4facadb1acd2cf63d21fedd
  • Instruction Fuzzy Hash: 333183B5B10214DF8E08BF74949646E768AAFA8346340083EFE26CF242DF359D4E87D4
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(00000000), ref: 00162C3D
  • ?IsEmpty@CDuiString@DuiLib@@QBE_NXZ.DUILIB ref: 00162C50
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00162C6A
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00162C7B
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(48591883), ref: 00162CB4
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(48591883), ref: 00162CC9
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$Empty@V01@@
  • String ID:
  • API String ID: 1300350856-0
  • Opcode ID: db93bb85472532c2662977186cead83fd217548b0f1aaca863b784b6e138c1b6
  • Instruction ID: d57d3b2f8b56fba3f8e45190f0da7080a6a7a90dd8d9410bcdf23e7742678020
  • Opcode Fuzzy Hash: db93bb85472532c2662977186cead83fd217548b0f1aaca863b784b6e138c1b6
  • Instruction Fuzzy Hash: E941D274A00219CFDB28CF24DD84BA9B7B5FB49310F1482E9D95A9B392DB306E85CF40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
			E00180300(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				char _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				char _v52;
				signed int _t33;
				signed int _t70;

				_push(0xffffffff);
				_push(0x371ef8);
				_push( *[fs:0x0]);
				_t33 =  *0x414f64; // 0x48591883
				_push(_t33 ^ _t70);
				 *[fs:0x0] =  &_v16;
				E003463E6( &_v36, 0);
				_v8 = 0;
				_v20 =  *0x424c28;
				_v32 = E00168B70(0x427a1c);
				_v24 = E00168BC0(_a4, _v32);
				if(_v24 == 0) {
					__eflags = _v20;
					if(_v20 == 0) {
						__eflags = E00180400(__ebx, __edi,  &_v20, _a4) - 0xffffffff;
						if(__eflags != 0) {
							_v24 = _v20;
							 *0x424c28 = _v20;
							_v28 = _v20;
							 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4))))();
							E00346163(__eflags, _v28);
						} else {
							E001693F0( &_v52);
							E00349ADA( &_v52, 0x40957c);
						}
					} else {
						_v24 = _v20;
					}
				}
				_v40 = _v24;
				_v8 = 0xffffffff;
				E0034643E( &_v36);
				 *[fs:0x0] = _v16;
				return _v40;
			}

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 0018032A
  • int.LIBCPMTD ref: 00180343
    • Part of subcall function 00168B70: std::_Lockit::_Lockit.LIBCPMT ref: 00168B86
    • Part of subcall function 00168B70: std::_Lockit::~_Lockit.LIBCPMT ref: 00168BB0
  • std::_Lockit::~_Lockit.LIBCPMT ref: 001803DB
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lockitstd::_$Lockit::_Lockit::~_
  • String ID:
  • API String ID: 593203224-0
  • Opcode ID: e5ab3b18b335c94c49f31c9908613279b825486ecc02a2a14e655f4b463553a5
  • Instruction ID: 56db817d54ff9ce42ef7b77d6275df03c18ad8559449f14c00a6c232d13f2394
  • Opcode Fuzzy Hash: e5ab3b18b335c94c49f31c9908613279b825486ecc02a2a14e655f4b463553a5
  • Instruction Fuzzy Hash: E7314BB5E04209DFCB05EF98D981AEEB7B4FB4C310F104629E815A7390DB34AA05CFA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
			E001694E0(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				char _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				char _v52;
				signed int _t33;
				signed int _t70;

				_push(0xffffffff);
				_push(0x371ef8);
				_push( *[fs:0x0]);
				_t33 =  *0x414f64; // 0x48591883
				_push(_t33 ^ _t70);
				 *[fs:0x0] =  &_v16;
				E003463E6( &_v36, 0);
				_v8 = 0;
				_v20 =  *0x422548;
				_v32 = E00168B70(0x421a40);
				_v24 = E00168BC0(_a4, _v32);
				if(_v24 == 0) {
					__eflags = _v20;
					if(_v20 == 0) {
						__eflags = E001692D0(__ebx, __edi,  &_v20, _a4) - 0xffffffff;
						if(__eflags != 0) {
							_v24 = _v20;
							 *0x422548 = _v20;
							_v28 = _v20;
							 *((intOrPtr*)( *((intOrPtr*)( *_v28 + 4))))();
							E00346163(__eflags, _v28);
						} else {
							E001693F0( &_v52);
							E00349ADA( &_v52, 0x40957c);
						}
					} else {
						_v24 = _v20;
					}
				}
				_v40 = _v24;
				_v8 = 0xffffffff;
				E0034643E( &_v36);
				 *[fs:0x0] = _v16;
				return _v40;
			}

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 0016950A
  • int.LIBCPMTD ref: 00169523
    • Part of subcall function 00168B70: std::_Lockit::_Lockit.LIBCPMT ref: 00168B86
    • Part of subcall function 00168B70: std::_Lockit::~_Lockit.LIBCPMT ref: 00168BB0
  • std::_Lockit::~_Lockit.LIBCPMT ref: 001695BB
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lockitstd::_$Lockit::_Lockit::~_
  • String ID:
  • API String ID: 593203224-0
  • Opcode ID: 50463bf277cdf2b29c4762b9a2d30bb094ce379d4b108e10d80eef2d84fe8b9b
  • Instruction ID: 462979152d88a4f842f69eb5b60ed12a7858b9e7233b7293f1b196259c2405aa
  • Opcode Fuzzy Hash: 50463bf277cdf2b29c4762b9a2d30bb094ce379d4b108e10d80eef2d84fe8b9b
  • Instruction Fuzzy Hash: 07314BB5E00209DFCB15DF98DD81AEEB7B4FF48310F10462AE816A7390DB34AA41CB95
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 61%
			E00198100(void* __eflags, void* _a4, void* _a8) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v152;
				char _v156;
				signed int _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				char _v172;
				signed int _t35;
				signed int _t36;
				signed int _t69;
				void* _t73;

				_t73 = __eflags;
				_t35 =  *0x414f64; // 0x48591883
				_t36 = _t35 ^ _t69;
				_v20 = _t36;
				 *[fs:0x0] =  &_v16;
				_v160 = 0;
				_v8 = 0;
				E00169F60( &_v156);
				_v8 = 1;
				_v164 = E001982F0(_t73,  &_v172, E00169DB0());
				_v168 = _v164;
				_v8 = 2;
				E00169960( &_v156, _v168);
				_v8 = 1;
				E0016A0B0( &_v172);
				__imp__??0CDuiString@DuiLib@@QAE@XZ(_t36,  *[fs:0x0], 0x37547a, 0xffffffff);
				_v8 = 3;
				__imp__??4CDuiString@DuiLib@@QAEABV01@PB_W@Z(E0015E800( &_v156));
				__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
				_v160 = _v160 | 0x00000001;
				_v8 = 1;
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				_v8 = 0;
				E0016A0B0( &_v156);
				_v8 = 0xffffffff;
				E0015FA10();
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t69,  &_v152);
			}

APIs
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0019814E
    • Part of subcall function 00169DB0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00169DD9
    • Part of subcall function 001982F0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,48591883), ref: 0019833C
    • Part of subcall function 001982F0: _DebugHeapAllocator.LIBCPMTD ref: 00198377
  • _DebugHeapAllocator.LIBCPMTD ref: 00198186
    • Part of subcall function 0016A0B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 0016A0BA
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(?,?,48591883), ref: 001981A0
  • ??4CDuiString@DuiLib@@QAEABV01@PB_W@Z.DUILIB(00000000,?,48591883), ref: 001981BC
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?,?,48591883), ref: 001981CC
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(?,48591883), ref: 001981EB
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueWork$ByteCharContainer_base12Container_base12::~_MultiV01@V01@@Widestd::_
  • String ID:
  • API String ID: 2897124976-0
  • Opcode ID: 7ad9c282f63e9f274651e07320be2756e3dad76003a6ddeced6048d25b364ae3
  • Instruction ID: 7658d8c4ff9c4642790751e46b3a8e8a8d94cff5c0582fe36d05b090826b1d79
  • Opcode Fuzzy Hash: 7ad9c282f63e9f274651e07320be2756e3dad76003a6ddeced6048d25b364ae3
  • Instruction Fuzzy Hash: A0312370904258DFDB15DF64CD55BEDBBB8AF15300F0081E9E44AA7292DB702B88CF52
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 23%
			E001600F0(intOrPtr __ecx, void* __edx, char _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v152;
				char _v156;
				intOrPtr _v160;
				intOrPtr _v164;
				char* _v168;
				signed int _t30;
				signed int _t31;
				intOrPtr _t33;
				void* _t36;
				intOrPtr _t56;
				signed int _t59;
				void* _t60;
				intOrPtr _t61;

				_t61 = _t60 - 0x98;
				_t30 =  *0x414f64; // 0x48591883
				_t31 = _t30 ^ _t59;
				_v20 = _t31;
				 *[fs:0x0] =  &_v16;
				_v160 = __ecx;
				_v8 = 0;
				__imp__??0CDuiString@DuiLib@@QAE@XZ(_t31,  *[fs:0x0], 0x371984, 0xffffffff);
				_v8 = 1;
				_t33 = _v160;
				_t62 =  *((intOrPtr*)(_t33 + 0x8c0));
				if( *((intOrPtr*)(_t33 + 0x8c0)) != 0) {
					_v156 = 0;
					while(1) {
						_t36 = E00163230( &_a4, _t62);
						_t63 = _v156 - _t36;
						if(_v156 >= _t36) {
							break;
						}
						__imp__??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z(E001631F0( &_a4, _v156));
						_t61 = _t61 - 0x84;
						_v164 = _t61;
						__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
						_v168 =  &_v152;
						L00160300(_v160, _t63,  &_v152);
						_t56 = _v156 + 1;
						_t62 = _t56;
						_v156 = _t56;
					}
					__imp__?SelectItem1@CComboUI@DuiLib@@QAE_NH_N0@Z(0xffffffff, 0, 0);
				}
				_v8 = 0;
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				_v8 = 0xffffffff;
				E001634E0();
				 *[fs:0x0] = _v16;
				__eflags = _v20 ^ _t59;
				return E00344CC8(_v20 ^ _t59);
			}

APIs
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(48591883), ref: 0016012E
  • ??4CDuiString@DuiLib@@QAEABV01@ABV01@@Z.DUILIB(00000000,00000000), ref: 0016018C
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?), ref: 001601A7
  • ?SelectItem1@CComboUI@DuiLib@@QAE_NH_N0@Z.DUILIB(000000FF,00000000,00000000), ref: 001601D2
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 001601E2
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 001601F2
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$V01@@$ComboContainer_base12Container_base12::~_Item1@SelectV01@std::_
  • String ID:
  • API String ID: 4148652981-0
  • Opcode ID: 99ab27cc53953961c4d260a57ee0ffd81126cf15c72848444f16a72ac77dbde1
  • Instruction ID: 38b0c31d4519eec4c89c2aacdda2c7b323caaf9cb339ce7576425256bd52615f
  • Opcode Fuzzy Hash: 99ab27cc53953961c4d260a57ee0ffd81126cf15c72848444f16a72ac77dbde1
  • Instruction Fuzzy Hash: F3313870900218DBDB25DF24CC59BEEB7B5FB09310F1082EAE81A67291DB346A84CF50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 80%
			E002112B0(void* __eflags, intOrPtr _a4) {
				intOrPtr _v8;
				char _v16;
				void* _v20;
				char _v24;
				char _v36;
				signed int _t15;
				void* _t40;
				intOrPtr* _t43;
				signed int _t45;

				_push(0xffffffff);
				_push(0x37b3b8);
				_push( *[fs:0x0]);
				_t15 =  *0x414f64; // 0x48591883
				_push(_t15 ^ _t45);
				 *[fs:0x0] =  &_v16;
				E003463E6( &_v24, 0);
				_v8 = 0;
				_t40 =  *0x42758c;
				_v20 = _t40;
				_t43 = E00168BC0(_a4, E00168B70(0x429c60));
				if(_t43 == 0) {
					if(_t40 == 0) {
						__eflags = E00211780( &_v20, _a4) - 0xffffffff;
						if(__eflags == 0) {
							E001693F0( &_v36);
							E00349ADA( &_v36, 0x40957c);
						}
						_t43 = _v20;
						 *0x42758c = _t43;
						 *((intOrPtr*)( *_t43 + 4))();
						E00346163(__eflags, _t43);
					} else {
						_t43 = _t40;
					}
				}
				E0034643E( &_v24);
				 *[fs:0x0] = _v16;
				return _t43;
			}

APIs
  • std::_Lockit::_Lockit.LIBCPMT ref: 002112DC
  • int.LIBCPMTD ref: 002112F6
    • Part of subcall function 00168B70: std::_Lockit::_Lockit.LIBCPMT ref: 00168B86
    • Part of subcall function 00168B70: std::_Lockit::~_Lockit.LIBCPMT ref: 00168BB0
  • std::bad_alloc::bad_alloc.LIBCMTD ref: 00211329
  • __CxxThrowException@8.LIBVCRUNTIME ref: 00211337
  • std::_Facet_Register.LIBCPMT ref: 0021134D
  • std::_Lockit::~_Lockit.LIBCPMT ref: 00211358
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrowstd::bad_alloc::bad_alloc
  • String ID:
  • API String ID: 2796190273-0
  • Opcode ID: d58a9954b6abac1349294ff3211ae1fdf567c5699c80106e090dc7b8bc31d527
  • Instruction ID: fba596ee14d2bc524d787d51e7939c61562cd76904e2fca50c3046a52bfc1df9
  • Opcode Fuzzy Hash: d58a9954b6abac1349294ff3211ae1fdf567c5699c80106e090dc7b8bc31d527
  • Instruction Fuzzy Hash: BE110672D001189BCB11EF54DC42BEEB3B8EB54710F00026AF911AB390DB74AD10CBD0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 69%
			E0036098D(void* __ebx, void* __ecx, void* __edx) {
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				void* _t3;
				void* _t4;
				intOrPtr _t9;
				void* _t11;
				void* _t20;
				void* _t21;
				void* _t23;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t31;
				void* _t32;
				long _t36;
				long _t37;
				void* _t40;

				_t29 = __edx;
				_t23 = __ecx;
				_t20 = __ebx;
				_t36 = GetLastError();
				_t2 =  *0x415140; // 0xffffffff
				_t42 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t3 = E0035FA1C(_t23, 1, 0x364);
					_t31 = _t3;
					_pop(_t25);
					if(_t31 != 0) {
						_t4 = E00360F5B(_t25, _t36, __eflags,  *0x415140, _t31);
						__eflags = _t4;
						if(_t4 != 0) {
							E003607FF(_t25, _t31, 0x422144);
							E00360415(0);
							_t40 = _t40 + 0xc;
							__eflags = _t31;
							if(_t31 == 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t31);
							goto L4;
						}
					} else {
						_push(_t3);
						L4:
						E00360415();
						_pop(_t25);
						L9:
						SetLastError(_t36);
						E0035A058(_t20, _t29, _t31, _t36);
						asm("int3");
						_push(_t20);
						_push(_t36);
						_push(_t31);
						_t37 = GetLastError();
						_t21 = 0;
						_t9 =  *0x415140; // 0xffffffff
						_t45 = _t9 - 0xffffffff;
						if(_t9 == 0xffffffff) {
							L12:
							_t32 = E0035FA1C(_t25, 1, 0x364);
							_pop(_t27);
							if(_t32 != 0) {
								_t11 = E00360F5B(_t27, _t37, __eflags,  *0x415140, _t32);
								__eflags = _t11;
								if(_t11 != 0) {
									E003607FF(_t27, _t32, 0x422144);
									E00360415(_t21);
									__eflags = _t32;
									if(_t32 != 0) {
										goto L19;
									} else {
										goto L18;
									}
								} else {
									_push(_t32);
									goto L14;
								}
							} else {
								_push(_t21);
								L14:
								E00360415();
								L18:
								SetLastError(_t37);
							}
						} else {
							_t32 = E00360F05(_t25, _t37, _t45, _t9);
							if(_t32 != 0) {
								L19:
								SetLastError(_t37);
								_t21 = _t32;
							} else {
								goto L12;
							}
						}
						return _t21;
					}
				} else {
					_t31 = E00360F05(_t23, _t36, _t42, _t2);
					if(_t31 != 0) {
						L8:
						SetLastError(_t36);
						return _t31;
					} else {
						goto L2;
					}
				}
			}

APIs
  • GetLastError.KERNEL32(?,00000000,0034D338,00000000,?,?,00367A5E,?,00000020,?,?,?,0035D143,?,UTF-8,00000005), ref: 00360991
  • _free.LIBCMT ref: 003609C4
  • _free.LIBCMT ref: 003609EC
  • SetLastError.KERNEL32(00000000,00000020,?,?,?,0035D143,?,UTF-8,00000005,?,0019E626,00000000,00356348,?,?,0019E626), ref: 003609F9
  • SetLastError.KERNEL32(00000000,00000020,?,?,?,0035D143,?,UTF-8,00000005,?,0019E626,00000000,00356348,?,?,0019E626), ref: 00360A05
  • _abort.LIBCMT ref: 00360A0B
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast$_free$_abort
  • String ID:
  • API String ID: 3160817290-0
  • Opcode ID: 134204720e30da9caac79dfb63daeb87aa4a76731da5c5d20846c6e708dc454f
  • Instruction ID: 6cb314359d384edaeca80a82e7b451a09b26ea79ef0d32bb914380628130fc20
  • Opcode Fuzzy Hash: 134204720e30da9caac79dfb63daeb87aa4a76731da5c5d20846c6e708dc454f
  • Instruction Fuzzy Hash: 8EF02832580A007AD61F3765EC07FBB256A9FC17B5F26C025F814EB1EAEF7088018611
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156F83
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156F92
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156FA1
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156FB0
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156FBF
  • ??1CHorizontalLayoutUI@DuiLib@@UAE@XZ.DUILIB ref: 00156FC8
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$HorizontalLayout
  • String ID:
  • API String ID: 1489182624-0
  • Opcode ID: 64ab1d3dddc497287226d6797505752d5aa5a8f6a7455d4fcb319d5f5ab6a500
  • Instruction ID: 3d699125ca35a3b0a77952fdd2037755af91d852f30a290b41dfa58135417d55
  • Opcode Fuzzy Hash: 64ab1d3dddc497287226d6797505752d5aa5a8f6a7455d4fcb319d5f5ab6a500
  • Instruction Fuzzy Hash: 9F01E438604209DBDB09DF84D96CBACB776FF49305F2841AAD80653391CB352F10DB55
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ.DUILIB ref: 0015621E
  • ?Invalidate@CListContainerElementUI@DuiLib@@QAEXXZ.DUILIB ref: 0015625C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ContainerElementInvalidate@Lib@@List
  • String ID: menu
  • API String ID: 2425070325-2097494675
  • Opcode ID: 64102def7dfee238db9296a5147515f530068563f9b8a08ce95615a06e23fa2d
  • Instruction ID: 092b508fe3c7adfa06698727ccfbf42e542cdfc4c359c6c9273ec1209f7d8221
  • Opcode Fuzzy Hash: 64102def7dfee238db9296a5147515f530068563f9b8a08ce95615a06e23fa2d
  • Instruction Fuzzy Hash: 4B311C34600104EFCB08CF94D994AADB7B1FF89301F6482A8E84A9F355CB30EE41DB80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(click,000000FF,48591883), ref: 00153281
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D8238,000000FF), ref: 0015329A
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D823C,000000FF), ref: 001532FB
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003D8240,000000FF), ref: 00153311
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$__onexit
  • String ID: click
  • API String ID: 2284767783-3136733728
  • Opcode ID: d87b4244b56a4b5a8482c241ffcbcb2fda46ddc648c6a11a0fa70a0c9e2b3f50
  • Instruction ID: ccf0a7ace77800425e08f936ae18ae942d08b18f464d8d1e08e4edf8c2ca32b1
  • Opcode Fuzzy Hash: d87b4244b56a4b5a8482c241ffcbcb2fda46ddc648c6a11a0fa70a0c9e2b3f50
  • Instruction Fuzzy Hash: 27310CB0A057099BCB14CF94ED58B9DBBB0FB49320F60836EE421673D0DB7919458F98
Uniqueness

Uniqueness Score: -1.00%

APIs
  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00359D19,00000000,?,00359CB9,00000000,00409048,0000000C,00359E10,00000000,00000002), ref: 00359D88
  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00359D9B
  • FreeLibrary.KERNEL32(00000000,?,?,?,00359D19,00000000,?,00359CB9,00000000,00409048,0000000C,00359E10,00000000,00000002), ref: 00359DBE
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: AddressFreeHandleLibraryModuleProc
  • String ID: CorExitProcess$mscoree.dll
  • API String ID: 4061214504-1276376045
  • Opcode ID: 5a31eaf2681418bd029fac292aa49d767222b945960804393fc535b628285eed
  • Instruction ID: 48a34562e5cfc8420b0a69a2543fde1e73357ff24b2b556e27ea35c9d9729689
  • Opcode Fuzzy Hash: 5a31eaf2681418bd029fac292aa49d767222b945960804393fc535b628285eed
  • Instruction Fuzzy Hash: 89F0AF30A00608BBCB139B90DC49BEDBBB9EB48716F0540A6FC05A2260DB709D40CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 96%
			E0035A62C(void* __ebx, void* __edx, void* __edi, void* __esi, char* _a4, short* _a8, int _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				int _v20;
				int _v24;
				char* _v28;
				int _v32;
				char _v36;
				intOrPtr _v44;
				char _v48;
				signed int _t59;
				char* _t61;
				intOrPtr _t63;
				int _t64;
				intOrPtr* _t65;
				signed int _t68;
				intOrPtr* _t71;
				short* _t73;
				int _t74;
				int _t76;
				char _t78;
				short* _t83;
				short _t85;
				int _t91;
				int _t93;
				char* _t98;
				int _t103;
				char* _t105;
				void* _t106;
				intOrPtr _t108;
				intOrPtr _t109;
				int _t110;
				short* _t113;
				int _t114;
				int _t116;
				signed int _t117;

				_t106 = __edx;
				_t59 =  *0x414f64; // 0x48591883
				_v8 = _t59 ^ _t117;
				_t61 = _a4;
				_t91 = _a12;
				_t116 = 0;
				_v28 = _t61;
				_v20 = 0;
				_t113 = _a8;
				_v24 = _t113;
				if(_t61 == 0 || _t91 != 0) {
					if(_t113 != 0) {
						E0034D2FA(_t91,  &_v48, _t106, _a16);
						_t98 = _v28;
						if(_t98 == 0) {
							_t63 = _v44;
							if( *((intOrPtr*)(_t63 + 0xa8)) != _t116) {
								_t64 = WideCharToMultiByte( *(_t63 + 8), _t116, _t113, 0xffffffff, _t116, _t116, _t116,  &_v20);
								if(_t64 == 0 || _v20 != _t116) {
									L55:
									_t65 = E0035013D();
									_t114 = _t113 | 0xffffffff;
									 *_t65 = 0x2a;
									goto L56;
								} else {
									_t53 = _t64 - 1; // -1
									_t114 = _t53;
									L56:
									if(_v36 != 0) {
										 *(_v48 + 0x350) =  *(_v48 + 0x350) & 0xfffffffd;
									}
									goto L59;
								}
							}
							_t68 =  *_t113 & 0x0000ffff;
							if(_t68 == 0) {
								L51:
								_t114 = _t116;
								goto L56;
							}
							while(_t68 <= 0xff) {
								_t113 =  &(_t113[1]);
								_t116 = _t116 + 1;
								_t68 =  *_t113 & 0x0000ffff;
								if(_t68 != 0) {
									continue;
								}
								goto L51;
							}
							goto L55;
						}
						_t108 = _v44;
						if( *((intOrPtr*)(_t108 + 0xa8)) != _t116) {
							if( *((intOrPtr*)(_t108 + 4)) != 1) {
								_t114 = WideCharToMultiByte( *(_t108 + 8), _t116, _t113, 0xffffffff, _t98, _t91, _t116,  &_v20);
								if(_t114 == 0) {
									if(_v20 != _t116 || GetLastError() != 0x7a) {
										L45:
										_t71 = E0035013D();
										_t116 = _t116 | 0xffffffff;
										 *_t71 = 0x2a;
										goto L51;
									} else {
										if(_t91 == 0) {
											goto L56;
										}
										_t73 = _v24;
										while(1) {
											_t109 = _v44;
											_t103 =  *(_t109 + 4);
											if(_t103 > 5) {
												_t103 = 5;
											}
											_t74 = WideCharToMultiByte( *(_t109 + 8), _t116, _t73, 1,  &_v16, _t103, _t116,  &_v20);
											_t93 = _a12;
											_t110 = _t74;
											if(_t110 == 0 || _v20 != _t116 || _t110 < 0 || _t110 > 5) {
												goto L55;
											}
											if(_t110 + _t114 > _t93) {
												goto L56;
											}
											_t76 = _t116;
											_v32 = _t76;
											if(_t110 <= 0) {
												L43:
												_t73 = _v24 + 2;
												_v24 = _t73;
												if(_t114 < _t93) {
													continue;
												}
												goto L56;
											}
											_t105 = _v28;
											while(1) {
												_t78 =  *((intOrPtr*)(_t117 + _t76 - 0xc));
												 *((char*)(_t105 + _t114)) = _t78;
												if(_t78 == 0) {
													goto L56;
												}
												_t76 = _v32 + 1;
												_t114 = _t114 + 1;
												_v32 = _t76;
												if(_t76 < _t110) {
													continue;
												}
												goto L43;
											}
											goto L56;
										}
										goto L55;
									}
								}
								if(_v20 != _t116) {
									goto L45;
								}
								_t28 = _t114 - 1; // -1
								_t116 = _t28;
								goto L51;
							}
							if(_t91 == 0) {
								L21:
								_t116 = WideCharToMultiByte( *(_t108 + 8), _t116, _t113, _t91, _t98, _t91, _t116,  &_v20);
								if(_t116 == 0 || _v20 != 0) {
									goto L45;
								} else {
									if(_v28[_t116 - 1] == 0) {
										_t116 = _t116 - 1;
									}
									goto L51;
								}
							}
							_t83 = _t113;
							_v24 = _t91;
							while( *_t83 != _t116) {
								_t83 =  &(_t83[1]);
								_t16 =  &_v24;
								 *_t16 = _v24 - 1;
								if( *_t16 != 0) {
									continue;
								}
								break;
							}
							if(_v24 != _t116 &&  *_t83 == _t116) {
								_t91 = (_t83 - _t113 >> 1) + 1;
							}
							goto L21;
						}
						if(_t91 == 0) {
							goto L51;
						}
						while( *_t113 <= 0xff) {
							_t98[_t116] =  *_t113;
							_t85 =  *_t113;
							_t113 =  &(_t113[1]);
							if(_t85 == 0) {
								goto L51;
							}
							_t116 = _t116 + 1;
							if(_t116 < _t91) {
								continue;
							}
							goto L51;
						}
						goto L45;
					}
					 *((intOrPtr*)(E0035013D())) = 0x16;
					E0034D667();
					goto L59;
				} else {
					L59:
					return E00344CC8(_v8 ^ _t117);
				}
			}

Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: d29afd0dd371e596f40ddcceb4d28c683008983cb22571422a5ac8df7eecf48c
  • Instruction ID: 656093f94327b79c7a446886defe07c9c8e40599e260192ce21e534092757e30
  • Opcode Fuzzy Hash: d29afd0dd371e596f40ddcceb4d28c683008983cb22571422a5ac8df7eecf48c
  • Instruction Fuzzy Hash: 2671B231900A169BCF238F94C844EBEBF79EF45352F1A4369EC11571A0D7709D4AEBA2
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 73%
			E0035EB87(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _v56;
				char _v276;
				short _v278;
				short _v280;
				char _v448;
				signed int _v452;
				signed int _v456;
				short _v458;
				intOrPtr _v460;
				intOrPtr _v464;
				signed int _v468;
				signed int _v472;
				intOrPtr _v508;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				signed int _v556;
				char _v708;
				signed int _v712;
				signed int _v716;
				short _v718;
				signed int* _v720;
				signed int _v724;
				signed int _v728;
				signed int _v732;
				signed int* _v736;
				signed int _v740;
				signed int _v744;
				signed int _v748;
				signed int _v752;
				char _v820;
				char _v1248;
				char _v1256;
				intOrPtr _v1276;
				signed int _v1292;
				signed int _t241;
				void* _t244;
				signed int _t247;
				signed int _t249;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t261;
				signed int _t263;
				void* _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t270;
				signed int _t273;
				signed int _t280;
				signed int _t281;
				signed int _t282;
				intOrPtr _t283;
				signed int _t286;
				signed int _t290;
				signed int _t291;
				signed int _t296;
				signed int _t297;
				signed int _t299;
				signed int _t319;
				signed int _t320;
				signed int _t323;
				signed int _t328;
				void* _t330;
				signed int _t332;
				void* _t333;
				intOrPtr _t334;
				signed int _t339;
				signed int _t340;
				intOrPtr* _t343;
				signed int _t357;
				signed int _t359;
				signed int _t361;
				intOrPtr* _t362;
				signed int _t364;
				signed int _t370;
				intOrPtr* _t374;
				intOrPtr* _t377;
				void* _t380;
				intOrPtr* _t381;
				intOrPtr* _t382;
				signed int _t393;
				signed int _t396;
				intOrPtr* _t397;
				signed int _t399;
				signed int* _t403;
				intOrPtr* _t410;
				intOrPtr* _t411;
				intOrPtr _t420;
				signed int _t421;
				short _t422;
				void* _t424;
				signed int _t425;
				signed int _t427;
				intOrPtr _t428;
				signed int _t431;
				intOrPtr _t432;
				signed int _t434;
				signed int _t437;
				intOrPtr _t443;
				signed int _t444;
				signed int _t446;
				signed int _t447;
				signed int _t450;
				signed int _t452;
				signed int _t456;
				signed int* _t457;
				intOrPtr* _t458;
				short _t459;
				void* _t461;
				signed int _t463;
				signed int _t465;
				void* _t467;
				void* _t468;
				void* _t470;
				signed int _t471;
				void* _t472;
				void* _t474;
				signed int _t475;
				void* _t477;
				void* _t479;
				intOrPtr _t491;

				_t420 = __edx;
				_t461 = _t467;
				_t468 = _t467 - 0xc;
				_push(__ebx);
				_push(__esi);
				_v12 = 1;
				_t357 = E003600B9(__ecx, 0x6a6);
				_t240 = 0;
				_pop(_t370);
				if(_t357 == 0) {
					L20:
					return _t240;
				} else {
					_push(__edi);
					_t2 = _t357 + 4; // 0x4
					_t427 = _t2;
					 *_t427 = 0;
					 *_t357 = 1;
					_t443 = _a4;
					_t4 = _t443 + 0x30; // 0x35e386
					_t241 = _t4;
					_push( *_t241);
					_v16 = _t241;
					_push(0x3ba840);
					_push( *0x3ba6fc);
					E0035EAC6(_t357, _t370, _t427, _t443, _t427, 0x351, 3);
					_t470 = _t468 + 0x18;
					_v8 = 0x3ba6fc;
					while(1) {
						L2:
						_t244 = E00359E63(_t427, 0x351, ";");
						_t471 = _t470 + 0xc;
						if(_t244 != 0) {
							break;
						} else {
							_t8 = _v16 + 0x10; // 0x10
							_t410 = _t8;
							_t339 =  *_v16;
							_v16 = _t410;
							_t411 =  *_t410;
							goto L4;
						}
						while(1) {
							L4:
							_t420 =  *_t339;
							if(_t420 !=  *_t411) {
								break;
							}
							if(_t420 == 0) {
								L8:
								_t340 = 0;
							} else {
								_t420 =  *((intOrPtr*)(_t339 + 2));
								if(_t420 !=  *((intOrPtr*)(_t411 + 2))) {
									break;
								} else {
									_t339 = _t339 + 4;
									_t411 = _t411 + 4;
									if(_t420 != 0) {
										continue;
									} else {
										goto L8;
									}
								}
							}
							L10:
							asm("sbb eax, eax");
							_t370 = _v8 + 0xc;
							_v8 = _t370;
							_v12 = _v12 &  !( ~_t340);
							_t343 = _v16;
							_v16 = _t343;
							_push( *_t343);
							_push(0x3ba840);
							_push( *_t370);
							E0035EAC6(_t357, _t370, _t427, _t443, _t427, 0x351, 3);
							_t470 = _t471 + 0x18;
							if(_v8 < 0x3ba72c) {
								goto L2;
							} else {
								if(_v12 != 0) {
									E00360415(_t357);
									_t31 = _t443 + 0x28; // 0x30ff068b
									_t434 = _t427 | 0xffffffff;
									__eflags =  *_t31;
									if(__eflags != 0) {
										asm("lock xadd [ecx], eax");
										if(__eflags == 0) {
											_t32 = _t443 + 0x28; // 0x30ff068b
											E00360415( *_t32);
										}
									}
									_t33 = _t443 + 0x24; // 0x30ff0c46
									__eflags =  *_t33;
									if( *_t33 != 0) {
										asm("lock xadd [eax], edi");
										__eflags = _t434 == 1;
										if(_t434 == 1) {
											_t34 = _t443 + 0x24; // 0x30ff0c46
											E00360415( *_t34);
										}
									}
									 *(_t443 + 0x24) = 0;
									 *(_t443 + 0x1c) = 0;
									 *(_t443 + 0x28) = 0;
									 *((intOrPtr*)(_t443 + 0x20)) = 0;
									_t39 = _t443 + 0x40; // 0x10468b00
									_t240 =  *_t39;
								} else {
									_t20 = _t443 + 0x28; // 0x30ff068b
									_t437 = _t427 | 0xffffffff;
									_t491 =  *_t20;
									if(_t491 != 0) {
										asm("lock xadd [ecx], eax");
										if(_t491 == 0) {
											_t21 = _t443 + 0x28; // 0x30ff068b
											E00360415( *_t21);
										}
									}
									_t22 = _t443 + 0x24; // 0x30ff0c46
									if( *_t22 != 0) {
										asm("lock xadd [eax], edi");
										if(_t437 == 1) {
											_t23 = _t443 + 0x24; // 0x30ff0c46
											E00360415( *_t23);
										}
									}
									 *(_t443 + 0x24) =  *(_t443 + 0x24) & 0x00000000;
									_t26 = _t357 + 4; // 0x4
									_t240 = _t26;
									 *(_t443 + 0x1c) =  *(_t443 + 0x1c) & 0x00000000;
									 *(_t443 + 0x28) = _t357;
									 *((intOrPtr*)(_t443 + 0x20)) = _t240;
								}
								goto L20;
							}
							goto L132;
						}
						asm("sbb eax, eax");
						_t340 = _t339 | 0x00000001;
						__eflags = _t340;
						goto L10;
					}
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0034D694();
					asm("int3");
					_push(_t461);
					_t463 = _t471;
					_t472 = _t471 - 0x1d0;
					_t247 =  *0x414f64; // 0x48591883
					_v56 = _t247 ^ _t463;
					_t249 = _v40;
					_push(_t357);
					_push(_t443);
					_t444 = _v36;
					_push(_t427);
					_t428 = _v44;
					_v508 = _t428;
					__eflags = _t249;
					if(_t249 == 0) {
						_v456 = 1;
						_v468 = 0;
						_t359 = 0;
						_v452 = 0;
						__eflags = _t444;
						if(__eflags == 0) {
							L80:
							E0035EB87(_t359, _t370, _t420, _t428, _t444, __eflags, _t428);
							goto L81;
						} else {
							__eflags =  *_t444 - 0x4c;
							if( *_t444 != 0x4c) {
								L59:
								_push(0);
								_t255 = E0035E74F(_t359, _t420, _t428, _t444, _t444,  &_v276, 0x83,  &_v448, 0x55);
								_t474 = _t472 + 0x18;
								__eflags = _t255;
								if(_t255 != 0) {
									_t370 = 0;
									__eflags = 0;
									_t76 = _t428 + 0x20; // 0x35e376
									_t421 = _t76;
									_t446 = 0;
									_v452 = _t421;
									do {
										__eflags = _t446;
										if(_t446 == 0) {
											L74:
											_t256 = _v456;
										} else {
											_t374 =  *_t421;
											_t257 =  &_v276;
											while(1) {
												__eflags =  *_t257 -  *_t374;
												_t428 = _v464;
												if( *_t257 !=  *_t374) {
													break;
												}
												__eflags =  *_t257;
												if( *_t257 == 0) {
													L67:
													_t370 = 0;
													_t258 = 0;
												} else {
													_t422 =  *((intOrPtr*)(_t257 + 2));
													__eflags = _t422 -  *((intOrPtr*)(_t374 + 2));
													_v458 = _t422;
													_t421 = _v452;
													if(_t422 !=  *((intOrPtr*)(_t374 + 2))) {
														break;
													} else {
														_t257 = _t257 + 4;
														_t374 = _t374 + 4;
														__eflags = _v458;
														if(_v458 != 0) {
															continue;
														} else {
															goto L67;
														}
													}
												}
												L69:
												__eflags = _t258;
												if(_t258 == 0) {
													_t359 = _t359 + 1;
													__eflags = _t359;
													goto L74;
												} else {
													_t259 =  &_v276;
													_push(_t259);
													_push(_t446);
													_push(_t428);
													L84();
													_t421 = _v452;
													_t474 = _t474 + 0xc;
													__eflags = _t259;
													if(_t259 == 0) {
														_t370 = 0;
														_t256 = 0;
														_v456 = 0;
													} else {
														_t359 = _t359 + 1;
														_t370 = 0;
														goto L74;
													}
												}
												goto L75;
											}
											asm("sbb eax, eax");
											_t258 = _t257 | 0x00000001;
											_t370 = 0;
											__eflags = 0;
											goto L69;
										}
										L75:
										_t446 = _t446 + 1;
										_t421 = _t421 + 0x10;
										_v452 = _t421;
										__eflags = _t446 - 5;
									} while (_t446 <= 5);
									__eflags = _t256;
									if(__eflags != 0) {
										goto L80;
									} else {
										__eflags = _t359;
										goto L78;
									}
								}
								goto L81;
							} else {
								__eflags =  *(_t444 + 2) - 0x43;
								if( *(_t444 + 2) != 0x43) {
									goto L59;
								} else {
									__eflags =  *((short*)(_t444 + 4)) - 0x5f;
									if( *((short*)(_t444 + 4)) != 0x5f) {
										goto L59;
									} else {
										while(1) {
											_t261 = E0035BB4B(_t444, 0x3ba838);
											_t361 = _t261;
											_v472 = _t361;
											_pop(_t376);
											__eflags = _t361;
											if(_t361 == 0) {
												break;
											}
											_t263 = _t261 - _t444;
											__eflags = _t263;
											_v456 = _t263 >> 1;
											if(_t263 == 0) {
												break;
											} else {
												_t265 = 0x3b;
												__eflags =  *_t361 - _t265;
												if( *_t361 == _t265) {
													break;
												} else {
													_t431 = _v456;
													_t362 = 0x3ba6fc;
													_v460 = 1;
													do {
														_t266 = E0035C047( *_t362, _t444, _t431);
														_t472 = _t472 + 0xc;
														__eflags = _t266;
														if(_t266 != 0) {
															goto L46;
														} else {
															_t377 =  *_t362;
															_t420 = _t377 + 2;
															do {
																_t334 =  *_t377;
																_t377 = _t377 + 2;
																__eflags = _t334 - _v468;
															} while (_t334 != _v468);
															_t376 = _t377 - _t420 >> 1;
															__eflags = _t431 - _t377 - _t420 >> 1;
															if(_t431 != _t377 - _t420 >> 1) {
																goto L46;
															}
														}
														break;
														L46:
														_v460 = _v460 + 1;
														_t362 = _t362 + 0xc;
														__eflags = _t362 - 0x3ba72c;
													} while (_t362 <= 0x3ba72c);
													_t359 = _v472 + 2;
													_t267 = E0035B081(_t376, _t359, ";");
													_t428 = _v464;
													_t447 = _t267;
													_pop(_t380);
													__eflags = _t447;
													if(_t447 != 0) {
														L49:
														__eflags = _v460 - 5;
														if(_v460 > 5) {
															_t268 = _v452;
															goto L55;
														} else {
															_push(_t447);
															_t270 = E0035AC4F(_t380,  &_v276, 0x83, _t359);
															_t475 = _t472 + 0x10;
															__eflags = _t270;
															if(_t270 != 0) {
																L83:
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																_push(0);
																E0034D694();
																asm("int3");
																_push(_t463);
																_t465 = _t475;
																_t273 =  *0x414f64; // 0x48591883
																_v556 = _t273 ^ _t465;
																_push(_t359);
																_t364 = _v540;
																_push(_t447);
																_push(_t428);
																_t432 = _v544;
																_v1292 = _t364;
																_v1276 = E0036098D(_t364, _t380, _t420) + 0x278;
																_push( &_v1256);
																_t280 = E0035E74F(_t364, _t420, _t432, _v536, _v536,  &_v820, 0x83,  &_v1248, 0x55);
																_t477 = _t475 - 0x2e4 + 0x18;
																__eflags = _t280;
																if(_t280 != 0) {
																	_t101 = _t364 + 2; // 0x6
																	_t450 = _t101 << 4;
																	__eflags = _t450;
																	_t281 =  &_v280;
																	_v724 = _t450;
																	_t381 =  *((intOrPtr*)(_t450 + _t432));
																	while(1) {
																		_v712 = _v712 & 0x00000000;
																		__eflags =  *_t281 -  *_t381;
																		_t452 = _v724;
																		if( *_t281 !=  *_t381) {
																			break;
																		}
																		__eflags =  *_t281;
																		if( *_t281 == 0) {
																			L93:
																			_t282 = _v712;
																		} else {
																			_t459 =  *((intOrPtr*)(_t281 + 2));
																			__eflags = _t459 -  *((intOrPtr*)(_t381 + 2));
																			_v718 = _t459;
																			_t452 = _v724;
																			if(_t459 !=  *((intOrPtr*)(_t381 + 2))) {
																				break;
																			} else {
																				_t281 = _t281 + 4;
																				_t381 = _t381 + 4;
																				__eflags = _v718;
																				if(_v718 != 0) {
																					continue;
																				} else {
																					goto L93;
																				}
																			}
																		}
																		L95:
																		__eflags = _t282;
																		if(_t282 != 0) {
																			_t382 =  &_v280;
																			_t424 = _t382 + 2;
																			do {
																				_t283 =  *_t382;
																				_t382 = _t382 + 2;
																				__eflags = _t283 - _v712;
																			} while (_t283 != _v712);
																			_v728 = (_t382 - _t424 >> 1) + 1;
																			_t286 = E003600B9(_t382 - _t424 >> 1, 4 + ((_t382 - _t424 >> 1) + 1) * 2);
																			_v740 = _t286;
																			__eflags = _t286;
																			if(_t286 == 0) {
																				goto L86;
																			} else {
																				_v732 =  *((intOrPtr*)(_t452 + _t432));
																				_t125 = _t364 * 4; // 0xb814
																				_v744 =  *((intOrPtr*)(_t432 + _t125 + 0xa0));
																				_t128 = _t432 + 8; // 0x8b56ff8b
																				_v748 =  *_t128;
																				_t391 =  &_v280;
																				_v720 = _t286 + 4;
																				_t290 = E00356EA6(_t286 + 4, _v728,  &_v280);
																				_t479 = _t477 + 0xc;
																				__eflags = _t290;
																				if(_t290 != 0) {
																					_t291 = _v712;
																					_push(_t291);
																					_push(_t291);
																					_push(_t291);
																					_push(_t291);
																					_push(_t291);
																					E0034D694();
																					asm("int3");
																					return  *0x421fe4;
																				} else {
																					__eflags = _v280 - 0x43;
																					 *((intOrPtr*)(_t452 + _t432)) = _v720;
																					if(_v280 != 0x43) {
																						L104:
																						_t296 = E0035E45C(_t364, _t391, _t432,  &_v708);
																						_t393 = _v712;
																						 *(_t432 + 0xa0 + _t364 * 4) = _t296;
																					} else {
																						__eflags = _v278;
																						if(_v278 != 0) {
																							goto L104;
																						} else {
																							_t393 = _v712;
																							 *(_t432 + 0xa0 + _t364 * 4) = _t393;
																						}
																					}
																					__eflags = _t364 - 2;
																					if(_t364 != 2) {
																						__eflags = _t364 - 1;
																						if(_t364 != 1) {
																							__eflags = _t364 - 5;
																							if(_t364 == 5) {
																								 *((intOrPtr*)(_t432 + 0x14)) = _v716;
																							}
																						} else {
																							 *((intOrPtr*)(_t432 + 0x10)) = _v716;
																						}
																					} else {
																						_t457 = _v736;
																						_t425 = _t393;
																						_t403 = _t457;
																						 *(_t432 + 8) = _v716;
																						_v720 = _t457;
																						_v728 = _t457[8];
																						_v716 = _t457[9];
																						while(1) {
																							_t154 = _t432 + 8; // 0x8b56ff8b
																							__eflags =  *_t154 -  *_t403;
																							if( *_t154 ==  *_t403) {
																								break;
																							}
																							_t458 = _v720;
																							_t425 = _t425 + 1;
																							_t328 =  *_t403;
																							 *_t458 = _v728;
																							_v716 = _t403[1];
																							_t403 = _t458 + 8;
																							 *((intOrPtr*)(_t458 + 4)) = _v716;
																							_t364 = _v752;
																							_t457 = _v736;
																							_v728 = _t328;
																							_v720 = _t403;
																							__eflags = _t425 - 5;
																							if(_t425 < 5) {
																								continue;
																							} else {
																							}
																							L112:
																							__eflags = _t425 - 5;
																							if(__eflags == 0) {
																								_t178 = _t432 + 8; // 0x8b56ff8b
																								_t319 = E003698A8(_t364, _t425, _t432, _t457, __eflags, _v712, 1, 0x3ba7b8, 0x7f,  &_v536,  *_t178, 1);
																								_t479 = _t479 + 0x1c;
																								__eflags = _t319;
																								_t320 = _v712;
																								if(_t319 == 0) {
																									_t457[1] = _t320;
																								} else {
																									do {
																										 *(_t465 + _t320 * 2 - 0x20c) =  *(_t465 + _t320 * 2 - 0x20c) & 0x000001ff;
																										_t320 = _t320 + 1;
																										__eflags = _t320 - 0x7f;
																									} while (_t320 < 0x7f);
																									_t323 = E0034A176( &_v536,  *0x415130, 0xfe);
																									_t479 = _t479 + 0xc;
																									__eflags = _t323;
																									_t457[1] = 0 | _t323 == 0x00000000;
																								}
																								_t193 = _t432 + 8; // 0x8b56ff8b
																								 *_t457 =  *_t193;
																							}
																							 *(_t432 + 0x18) = _t457[1];
																							goto L123;
																						}
																						__eflags = _t425;
																						if(_t425 != 0) {
																							 *_t457 =  *(_t457 + _t425 * 8);
																							_t457[1] =  *(_t457 + 4 + _t425 * 8);
																							 *(_t457 + _t425 * 8) = _v728;
																							 *(_t457 + 4 + _t425 * 8) = _v716;
																						}
																						goto L112;
																					}
																					L123:
																					_t297 = _t364 * 0xc;
																					_t200 = _t297 + 0x3ba6f8; // 0x265d4a
																					 *0x38a1c8(_t432);
																					_t299 =  *((intOrPtr*)( *_t200))();
																					_t396 = _v732;
																					__eflags = _t299;
																					if(_t299 == 0) {
																						__eflags = _t396 - 0x415208;
																						if(_t396 != 0x415208) {
																							_t456 = _t364 + _t364;
																							__eflags = _t456;
																							asm("lock xadd [eax], ecx");
																							if(_t456 != 0) {
																								goto L128;
																							} else {
																								_t218 = _t456 * 8; // 0x30ff068b
																								E00360415( *((intOrPtr*)(_t432 + _t218 + 0x28)));
																								_t221 = _t456 * 8; // 0x30ff0c46
																								E00360415( *((intOrPtr*)(_t432 + _t221 + 0x24)));
																								_t224 = _t364 * 4; // 0xb814
																								E00360415( *((intOrPtr*)(_t432 + _t224 + 0xa0)));
																								_t399 = _v712;
																								 *((intOrPtr*)(_v724 + _t432)) = _t399;
																								 *(_t432 + 0xa0 + _t364 * 4) = _t399;
																							}
																						}
																						_t397 = _v740;
																						 *_t397 = 1;
																						 *((intOrPtr*)(_t432 + 0x28 + (_t364 + _t364) * 8)) = _t397;
																					} else {
																						 *(_v724 + _t432) = _t396;
																						_t205 = _t364 * 4; // 0xb814
																						E00360415( *((intOrPtr*)(_t432 + _t205 + 0xa0)));
																						 *(_t432 + 0xa0 + _t364 * 4) = _v744;
																						E00360415(_v740);
																						 *(_t432 + 8) = _v748;
																						goto L86;
																					}
																					goto L87;
																				}
																			}
																		} else {
																			goto L87;
																		}
																		goto L132;
																	}
																	asm("sbb eax, eax");
																	_t282 = _t281 | 0x00000001;
																	__eflags = _t282;
																	goto L95;
																} else {
																	L86:
																	__eflags = 0;
																	L87:
																	__eflags = _v16 ^ _t465;
																	return E00344CC8(_v16 ^ _t465);
																}
															} else {
																_t330 = _t447 + _t447;
																__eflags = _t330 - 0x106;
																if(_t330 >= 0x106) {
																	E0034542E();
																	goto L83;
																} else {
																	 *((short*)(_t463 + _t330 - 0x10c)) = 0;
																	_t332 =  &_v276;
																	_push(_t332);
																	_push(_v460);
																	_push(_t428);
																	L84();
																	_t472 = _t475 + 0xc;
																	__eflags = _t332;
																	_t268 = _v452;
																	if(_t332 != 0) {
																		_t268 = _t268 + 1;
																		_v452 = _t268;
																	}
																	L55:
																	_t444 = _t359 + _t447 * 2;
																	_t370 = 0;
																	__eflags =  *_t444;
																	if( *_t444 == 0) {
																		L57:
																		__eflags = _t268;
																		L78:
																		if(__eflags != 0) {
																			goto L80;
																		} else {
																		}
																		goto L81;
																	} else {
																		_t444 = _t444 + 2;
																		__eflags =  *_t444;
																		if( *_t444 != 0) {
																			continue;
																		} else {
																			goto L57;
																		}
																	}
																}
															}
														}
													} else {
														_t333 = 0x3b;
														__eflags =  *_t359 - _t333;
														if( *_t359 != _t333) {
															break;
														} else {
															goto L49;
														}
													}
												}
											}
											goto L132;
										}
										goto L81;
									}
								}
							}
						}
					} else {
						__eflags = _t444;
						if(_t444 != 0) {
							_push(_t444);
							_push(_t249);
							_push(_t428);
							L84();
						}
						L81:
						__eflags = _v12 ^ _t463;
						return E00344CC8(_v12 ^ _t463);
					}
				}
				L132:
			}

APIs
    • Part of subcall function 003600B9: HeapAlloc.KERNEL32(00000000,?,00000004,?,0036011C,?,00000000,?,0035C240,?,00000004,FFFFFFFF,?,?,?,0035F6AB), ref: 003600EB
  • _free.LIBCMT ref: 0035EC92
  • _free.LIBCMT ref: 0035ECA9
  • _free.LIBCMT ref: 0035ECC8
  • _free.LIBCMT ref: 0035ECE3
  • _free.LIBCMT ref: 0035ECFA
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$AllocHeap
  • String ID:
  • API String ID: 1835388192-0
  • Opcode ID: a045bfcc1da75b620b9cbd7afe85e0be9e0989b161b14346884ce4b7365452bb
  • Instruction ID: f9ab43c110ad220c24e0b8cf214942f4641aca2c9e59f84ee4ca7e2e9706f714
  • Opcode Fuzzy Hash: a045bfcc1da75b620b9cbd7afe85e0be9e0989b161b14346884ce4b7365452bb
  • Instruction Fuzzy Hash: C151C471A00704EFDB2ADF6AC842FAA77F4EF58721B154569ED09DB260E731EA05CB40
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
			E0017F940(signed char _a4) {
				intOrPtr _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v21;
				intOrPtr* _v28;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				char _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v64;
				char _v72;
				void* __ebx;
				void* __ecx;
				void* __edi;
				signed int _t65;
				signed int _t72;
				signed int _t78;
				intOrPtr _t83;
				signed char _t90;
				signed char _t91;
				void* _t101;
				intOrPtr* _t103;
				void* _t154;
				signed int _t158;
				void* _t159;
				intOrPtr _t160;
				void* _t161;
				void* _t162;

				_push(0xffffffff);
				_push(0x3739e8);
				_push( *[fs:0x0]);
				_push(_t103);
				_t160 = _t159 - 0x34;
				_push(_t101);
				_push(_t154);
				_t65 =  *0x414f64; // 0x48591883
				_push(_t65 ^ _t158);
				 *[fs:0x0] =  &_v16;
				_v20 = _t160;
				_v28 = _t103;
				if((E001808B0(_v28 +  *((intOrPtr*)( *_v28 + 4))) & 0x000000ff) == 0) {
					L16:
					E0017F2F0(_v28 +  *((intOrPtr*)( *_v28 + 4)), 2, 0);
					_t72 = 0;
					__eflags = 0;
				} else {
					if(E0017FD60(_v28 +  *((intOrPtr*)( *_v28 + 4))) != 0) {
						E0017FC10(E0017FD60(_v28 +  *((intOrPtr*)( *_v28 + 4))));
					}
					if((_a4 & 0x000000ff) == 0) {
						_t78 = E00180890(_v28 +  *((intOrPtr*)( *_v28 + 4)));
						_t167 = _t78 & 0x00000001;
						if((_t78 & 0x00000001) != 0) {
							_v36 = E00180850(_v28 +  *((intOrPtr*)( *_v28 + 4)), _t167,  &_v72);
							_v40 = _v36;
							_v8 = 0;
							_t83 = E001694E0(_t101, _t154, _t167, _v40);
							_t161 = _t160 + 4;
							_v64 = _t83;
							_v8 = 0xffffffff;
							E00169700( &_v72);
							_v8 = 1;
							_v44 = E0017F880(_v28 +  *((intOrPtr*)( *_v28 + 4)));
							_v48 = E0017F6B0(_v44, _v28);
							_t127 = _v48;
							_v32 = _v48;
							while(1) {
								_v60 = E00181830(_t87);
								_t90 = E00181840(_t127,  &_v60,  &_v32);
								_t162 = _t161 + 8;
								if((_t90 & 0x000000ff) != 0) {
									break;
								}
								_t91 = E00181750( &_v32);
								_t161 = _t162 + 4;
								_v21 = E00168920(_v64, 0x48, _t91 & 0x000000ff);
								__eflags = _v21 & 0x000000ff;
								if((_v21 & 0x000000ff) != 0) {
									__eflags = _v28 +  *((intOrPtr*)( *_v28 + 4));
									_v52 = E0017F880(_v28 +  *((intOrPtr*)( *_v28 + 4)));
									_v56 = E0017FCD0(_v52, _v28);
									_t127 = _v56;
									_v32 = _v56;
									continue;
								} else {
								}
								L12:
								_v8 = 0xffffffff;
								goto L14;
							}
							E0017F2F0(_v28 +  *((intOrPtr*)( *_v28 + 4)), 1, 0);
							goto L12;
						}
					}
					L14:
					if((E001808B0(_v28 +  *((intOrPtr*)( *_v28 + 4))) & 0x000000ff) == 0) {
						goto L16;
					} else {
						_t72 = 1;
					}
				}
				 *[fs:0x0] = _v16;
				return _t72;
			}

APIs
  • std::ios_base::good.LIBCPMTD ref: 0017F97C
  • std::ios_base::getloc.LIBCPMTD ref: 0017F9ED
  • char_traits.LIBCPMTD ref: 0017FA81
  • std::ios_base::good.LIBCPMTD ref: 0017FB0D
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: std::ios_base::good$char_traitsstd::ios_base::getloc
  • String ID:
  • API String ID: 1920461149-0
  • Opcode ID: bca1e005f12637106f1c35fdd2853811070a9382d279e2c05df7531385ca6f95
  • Instruction ID: 7e5557307ecfb2d0176e4397388cab0d63b18cb9ab2622385c3a59900e19c9a5
  • Opcode Fuzzy Hash: bca1e005f12637106f1c35fdd2853811070a9382d279e2c05df7531385ca6f95
  • Instruction Fuzzy Hash: 0F51FEB4E002099FCB08DF94D892ABFBBB5BF59314F14816DE6156B391DB31A942CF90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 83%
			E0035F61E(signed int* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr* _v12;
				signed int _v16;
				signed int _t28;
				signed int _t29;
				intOrPtr _t33;
				signed int _t37;
				signed int _t38;
				signed int _t40;
				void* _t50;
				signed int _t56;
				intOrPtr* _t57;
				signed int _t68;
				signed int _t71;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t78;
				signed int _t80;
				signed int* _t81;
				signed int _t85;
				void* _t86;

				_t72 = __edx;
				_v12 = __ecx;
				_t28 =  *__ecx;
				_t81 =  *_t28;
				if(_t81 != 0) {
					_t29 =  *0x414f64; // 0x48591883
					_t56 =  *_t81 ^ _t29;
					_t78 = _t81[1] ^ _t29;
					_t83 = _t81[2] ^ _t29;
					asm("ror edi, cl");
					asm("ror esi, cl");
					asm("ror ebx, cl");
					if(_t78 != _t83) {
						L14:
						 *_t78 = E00360C28( *((intOrPtr*)( *((intOrPtr*)(_v12 + 4)))));
						_t33 = E00344CFC(_t56);
						_t57 = _v12;
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)))) = _t33;
						_t24 = _t78 + 4; // 0x4
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 4)) = E00344CFC(_t24);
						 *((intOrPtr*)( *((intOrPtr*)( *_t57)) + 8)) = E00344CFC(_t83);
						_t37 = 0;
						L15:
						return _t37;
					}
					_t38 = 0x200;
					_t85 = _t83 - _t56 >> 2;
					if(_t85 <= 0x200) {
						_t38 = _t85;
					}
					_t80 = _t38 + _t85;
					if(_t80 == 0) {
						_t80 = 0x20;
					}
					if(_t80 < _t85) {
						L9:
						_push(4);
						_t80 = _t85 + 4;
						_push(_t80);
						_v8 = E0035C1EC(_t56);
						_t40 = E00360415(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							goto L11;
						}
						_t37 = _t40 | 0xffffffff;
						goto L15;
					} else {
						_push(4);
						_push(_t80);
						_v8 = E0035C1EC(_t56);
						E00360415(0);
						_t68 = _v8;
						_t86 = _t86 + 0x10;
						if(_t68 != 0) {
							L11:
							_t56 = _t68;
							_v8 = _t68 + _t85 * 4;
							_t83 = _t68 + _t80 * 4;
							_t78 = _v8;
							_push(0x20);
							asm("ror eax, cl");
							_t71 = _t78;
							_v16 = 0 ^  *0x414f64;
							asm("sbb edx, edx");
							_t74 =  !_t72 & _t68 + _t80 * 0x00000004 - _t78 + 0x00000003 >> 0x00000002;
							_v8 = _t74;
							if(_t74 == 0) {
								goto L14;
							}
							_t75 = _v16;
							_t50 = 0;
							do {
								_t50 = _t50 + 1;
								 *_t71 = _t75;
								_t71 = _t71 + 4;
							} while (_t50 != _v8);
							goto L14;
						}
						goto L9;
					}
				}
				return _t28 | 0xffffffff;
			}

APIs
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: _free
  • String ID:
  • API String ID: 269201875-0
  • Opcode ID: 137dba1d001ae3002651054b0d06bbcd6d037b4680712fe04bdfa5d92b7da4ba
  • Instruction ID: f2c8724feee02acb7aa83ef16b010dec917e37e3e0d9577c15d8b150b1260fa8
  • Opcode Fuzzy Hash: 137dba1d001ae3002651054b0d06bbcd6d037b4680712fe04bdfa5d92b7da4ba
  • Instruction Fuzzy Hash: 5741D432A003049FCB15DF78C881E6AB7E5EF89314B1645B9E915EF3A1DB31AE05CB80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CHorizontalLayoutUI@DuiLib@@QAE@XZ.DUILIB(48591883,00000000,00000000,00371021,000000FF,?,001586AA), ref: 00158709
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00158735
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00158748
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015875B
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015876E
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$HorizontalLayout
  • String ID:
  • API String ID: 1489182624-0
  • Opcode ID: 0e9ca3825a4647b43590367457b110d486bc9ff539f5f1008de1398e55dd3252
  • Instruction ID: 1c77e86af4ddaec3f665644beb4cea9e2a882bc4fbdc0d5553c1913fc850c0df
  • Opcode Fuzzy Hash: 0e9ca3825a4647b43590367457b110d486bc9ff539f5f1008de1398e55dd3252
  • Instruction Fuzzy Hash: 8051A7B4A0035ACFDB04CF84C868BAFBBB1FB49318F1446A8D4256B782C77A5945CF91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(00000000), ref: 00162D8A
  • ?IsEmpty@CDuiString@DuiLib@@QBE_NXZ.DUILIB ref: 00162D9D
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00162DC3
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB ref: 00162DD7
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00162E11
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$Empty@V01@@
  • String ID:
  • API String ID: 1300350856-0
  • Opcode ID: e0b976ede5458b18a9e3b465b5d0f217b10d988688fcfffc646945526bf53bab
  • Instruction ID: 2bb5b166a3bb856fb1a9c87a81f01e649793ac95d9a617cc0a424755f5819073
  • Opcode Fuzzy Hash: e0b976ede5458b18a9e3b465b5d0f217b10d988688fcfffc646945526bf53bab
  • Instruction Fuzzy Hash: 2A31D474A00219DFDB24CF24DC85BA9B7B5BB49310F1082EAE85EA7391DB306E85CF41
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(48591883), ref: 00155CF7
  • ?Format@CDuiString@DuiLib@@QAAHPB_WZZ.DUILIB(?,003C32C8,?), ref: 00155D14
  • KillTimer.USER32(?,00000001), ref: 00155D3D
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00155D5A
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00155D88
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@String@$Format@KillTimer
  • String ID:
  • API String ID: 64913436-0
  • Opcode ID: 0307b795342dbfe134363d90259a05f05c0f26829b08e8f5fe2bfcdf7e3ce5ce
  • Instruction ID: d2820ecf96d23de1dbff33e6ade113da9f85325ee841b1392c330d8510561aa3
  • Opcode Fuzzy Hash: 0307b795342dbfe134363d90259a05f05c0f26829b08e8f5fe2bfcdf7e3ce5ce
  • Instruction Fuzzy Hash: 3A214975900218DFDB25CF64DD59BADB7B5FB09310F1086DAE82A6B391DB356A48CF00
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
			E00360A11(void* __ecx) {
				void* __esi;
				intOrPtr _t2;
				void* _t4;
				void* _t10;
				void* _t11;
				void* _t13;
				void* _t15;
				long _t16;

				_t11 = __ecx;
				_t16 = GetLastError();
				_t10 = 0;
				_t2 =  *0x415140; // 0xffffffff
				_t19 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L2:
					_t15 = E0035FA1C(_t11, 1, 0x364);
					_pop(_t13);
					if(_t15 != 0) {
						_t4 = E00360F5B(_t13, _t16, __eflags,  *0x415140, _t15);
						__eflags = _t4;
						if(_t4 != 0) {
							E003607FF(_t13, _t15, 0x422144);
							E00360415(_t10);
							__eflags = _t15;
							if(_t15 != 0) {
								goto L9;
							} else {
								goto L8;
							}
						} else {
							_push(_t15);
							goto L4;
						}
					} else {
						_push(_t10);
						L4:
						E00360415();
						L8:
						SetLastError(_t16);
					}
				} else {
					_t15 = E00360F05(_t11, _t16, _t19, _t2);
					if(_t15 != 0) {
						L9:
						SetLastError(_t16);
						_t10 = _t15;
					} else {
						goto L2;
					}
				}
				return _t10;
			}

APIs
  • GetLastError.KERNEL32(?,?,?,00350142,0036013A,?,0035C240,?,00000004,FFFFFFFF,?,?,?,0035F6AB,?,FFFFFFFF), ref: 00360A16
  • _free.LIBCMT ref: 00360A4B
  • _free.LIBCMT ref: 00360A72
  • SetLastError.KERNEL32(00000000,?,?,?,00000000,00000000,00000000), ref: 00360A7F
  • SetLastError.KERNEL32(00000000,?,?,?,00000000,00000000,00000000), ref: 00360A88
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ErrorLast$_free
  • String ID:
  • API String ID: 3170660625-0
  • Opcode ID: de3b88f47c787e0658bd03a0117c4efe43fac8c19ba581509d1d7fcc891c12a4
  • Instruction ID: 39438314b22437041e5addcc372b56e4e5eb413ea9480cd5e3e97f8dd5fa5555
  • Opcode Fuzzy Hash: de3b88f47c787e0658bd03a0117c4efe43fac8c19ba581509d1d7fcc891c12a4
  • Instruction Fuzzy Hash: FD01A9366407007A862FAAF5EC87E7B266D9BC17F0B26C125F9159B199EF74CC018520
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?RemoveAll@CContainerUI@DuiLib@@UAEXXZ.DUILIB ref: 0015655F
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015656E
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015657D
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015658C
  • ??1CListContainerElementUI@DuiLib@@UAE@XZ.DUILIB ref: 00156595
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$Container$All@ElementListRemove
  • String ID:
  • API String ID: 692529482-0
  • Opcode ID: 61fd627ebbf126a992391a280b14a201a827c1a492162e18b2893cf05cf385f6
  • Instruction ID: a9cb571789f8cd47aca3425e38393c893960677dc9d14feb5a590703e5fdbd28
  • Opcode Fuzzy Hash: 61fd627ebbf126a992391a280b14a201a827c1a492162e18b2893cf05cf385f6
  • Instruction Fuzzy Hash: F21109B890425ACFDB09CF85DC58BBEB7B5FB49314F044A6AE82697391CB756800CF54
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E00369207(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x4150d0; // 0x4150c4
					if(_t23 != 0) {
						E00360415(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x4150d4; // 0x421d85
					if(_t24 != 0) {
						E00360415(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x4150d8; // 0x421d85
					if(_t25 != 0) {
						E00360415(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x415100; // 0x4150c8
					if(_t26 != 0) {
						E00360415(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x415104; // 0x421d88
					if(_t27 != 0) {
						return E00360415(_t6);
					}
				}
				return _t6;
			}

APIs
  • _free.LIBCMT ref: 0036921F
    • Part of subcall function 00360415: HeapFree.KERNEL32(00000000,00000000,?,003694BA,?,00000000,?,00000000,?,0036975E,?,00000007,?,?,00369BDA,?), ref: 0036042B
    • Part of subcall function 00360415: GetLastError.KERNEL32(?,?,003694BA,?,00000000,?,00000000,?,0036975E,?,00000007,?,?,00369BDA,?,?), ref: 0036043D
  • _free.LIBCMT ref: 00369231
  • _free.LIBCMT ref: 00369243
  • _free.LIBCMT ref: 00369255
  • _free.LIBCMT ref: 00369267
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: _free$ErrorFreeHeapLast
  • String ID:
  • API String ID: 776569668-0
  • Opcode ID: adb61d1b8591f566585f0b3e983bfbb82f57bf15656028d50c83e4c653327a77
  • Instruction ID: ac732e81b41425a4d4fc056ba273eec1f2bc060ca4c789679730ce17a82bea4a
  • Opcode Fuzzy Hash: adb61d1b8591f566585f0b3e983bfbb82f57bf15656028d50c83e4c653327a77
  • Instruction Fuzzy Hash: 33F06232504608F78627DF56E892DE67BEDAA84710765CC16F108DB508CB30FC808A64
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 21%
			E00158940(intOrPtr* __ecx) {
				intOrPtr* _v8;
				void* _t16;

				_v8 = __ecx;
				 *_v8 = 0x3e0bb0;
				 *((intOrPtr*)(_v8 + 0x6f0)) = 0x3e0b88;
				E0015F700(E002073E0(_v8 + 0xaa0), _v8 + 0xa98);
				_t16 = E002073E0(_v8 + 0xa80);
				__imp__??1CDuiString@DuiLib@@QAE@XZ(__ecx);
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				__imp__??1CHorizontalLayoutUI@DuiLib@@UAE@XZ();
				return _t16;
			}

APIs
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00158990
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015899F
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 001589AE
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 001589BD
  • ??1CHorizontalLayoutUI@DuiLib@@UAE@XZ.DUILIB ref: 001589C6
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$String@$HorizontalLayout
  • String ID:
  • API String ID: 1489182624-0
  • Opcode ID: 2d0c798ac2df5b20544d8e2accbe85186c6c1e5704331cd0fbe62ff8652238ba
  • Instruction ID: dbfa71f88fc2c9334a67d7021857c5b12c29342f7af35cc8fe0c2efa1caa8479
  • Opcode Fuzzy Hash: 2d0c798ac2df5b20544d8e2accbe85186c6c1e5704331cd0fbe62ff8652238ba
  • Instruction Fuzzy Hash: 3E01D634A04209DBDB09DB94D9A8BBCB776EF49304F2441A9E90357392CF352F10DB55
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 89%
			E0020A650(intOrPtr* __ecx, signed int __edx, void* __eflags) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr* _v36;
				char _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				char _v56;
				char _v64;
				signed int _t52;
				intOrPtr _t56;
				void* _t57;
				signed int _t61;
				void* _t65;
				signed int _t72;
				signed int _t80;
				signed int _t81;
				signed int _t89;
				void* _t91;
				intOrPtr _t95;
				signed int _t96;
				signed int _t133;
				intOrPtr* _t135;
				signed int _t138;
				signed int _t140;
				void* _t141;
				intOrPtr _t142;
				void* _t143;
				signed int _t145;
				signed int _t147;

				_t133 = __edx;
				_push(0xffffffff);
				_push(0x37ab08);
				_push( *[fs:0x0]);
				_t142 = _t141 - 0x34;
				_t52 =  *0x414f64; // 0x48591883
				_push(_t52 ^ _t140);
				 *[fs:0x0] =  &_v16;
				_v20 = _t142;
				_v56 = __edx;
				_t135 = __ecx;
				_v36 = __ecx;
				_t138 = 0;
				_v28 = 0;
				_t56 = E00169E70(__edx);
				_t143 = _t142 + 4;
				_t95 = _t56;
				_v32 = _t95;
				_t57 = E00180810( *((intOrPtr*)( *_t135 + 4)) + _t135);
				_t145 = _t133;
				if(_t145 < 0 || _t145 <= 0 && _t57 == 0) {
					L7:
					asm("xorps xmm0, xmm0");
					asm("movlpd [ebp-0x30], xmm0");
					_t133 = _v48;
					_t96 = _v52;
				} else {
					_t91 = E00180810( *((intOrPtr*)( *_t135 + 4)) + _t135);
					_t147 = _t133;
					if(_t147 < 0 || _t147 <= 0 && _t91 <= _t95) {
						goto L7;
					} else {
						_t96 = E00180810( *((intOrPtr*)( *_t135 + 4)) + _t135) - _v32;
						asm("sbb edx, esi");
					}
				}
				_v24 = _t133;
				E0017FDE0(_t135);
				_v8 = 0;
				if(E0017F4A0( &_v64) != 0) {
					_v8 = 1;
					_t61 = E00180890( *((intOrPtr*)( *_t135 + 4)) + _t135);
					__eflags = (_t61 & 0x000001c0) - 0x40;
					if((_t61 & 0x000001c0) == 0x40) {
						L18:
						_t65 = E0019F170(E0017F880( *((intOrPtr*)( *_t135 + 4)) + _t135), _v56, _v32, 0);
						__eflags = _t65 - _v32;
						if(_t65 != _v32) {
							goto L27;
						} else {
							__eflags = _t133;
							if(_t133 != 0) {
								goto L27;
							} else {
								_t72 = _v24;
								while(1) {
									__eflags = _t72;
									if(__eflags < 0) {
										goto L29;
									}
									if(__eflags > 0) {
										L24:
										_v56 = E00180560( *((intOrPtr*)( *_t135 + 4)) + _t135);
										_v48 = E001804F0(E0017F880( *((intOrPtr*)( *_t135 + 4)) + _t135), _t133, _v56);
										_v44 = E00181830(_t76);
										_t80 = E00181840(_t75,  &_v44,  &_v48);
										_t143 = _t143 + 8;
										__eflags = _t80;
										if(_t80 == 0) {
											_t72 = _v24;
											_t96 = _t96 + 0xffffffff;
											asm("adc eax, 0xffffffff");
											_v24 = _t72;
											continue;
										} else {
											_t138 = _t138 | 0x00000004;
											goto L28;
										}
									} else {
										__eflags = _t96;
										if(_t96 != 0) {
											goto L24;
										}
									}
									goto L29;
								}
							}
						}
					} else {
						_t81 = _v24;
						while(1) {
							__eflags = _t81;
							if(__eflags < 0) {
								break;
							}
							if(__eflags > 0) {
								L15:
								_v40 = E00180560( *((intOrPtr*)( *_t135 + 4)) + _t135);
								_v44 = E001804F0(E0017F880( *((intOrPtr*)( *_t135 + 4)) + _t135), _t133, _v40);
								_v48 = E00181830(_t85);
								_t89 = E00181840(_t84,  &_v48,  &_v44);
								_t143 = _t143 + 8;
								__eflags = _t89;
								if(_t89 != 0) {
									L27:
									_t138 = 4;
									L28:
									_v28 = _t138;
								} else {
									_t81 = _v24;
									_t96 = _t96 + 0xffffffff;
									asm("adc eax, 0xffffffff");
									_v24 = _t81;
									continue;
								}
							} else {
								__eflags = _t96;
								if(_t96 == 0) {
									break;
								} else {
									goto L15;
								}
							}
							goto L29;
						}
						__eflags = _t138;
						if(_t138 == 0) {
							goto L18;
						}
					}
					L29:
					E001807D0( *((intOrPtr*)( *_t135 + 4)) + _t135, 0, 0);
					_v8 = 0;
				} else {
					_t138 = 4;
				}
				E0017F2F0( *((intOrPtr*)( *_t135 + 4)) + _t135, _t138, 0);
				E0017FD80( *((intOrPtr*)( *_t135 + 4)) + _t135);
				 *[fs:0x0] = _v16;
				return _t135;
			}

APIs
Strings
  • in Json::Value::setComment(): Comments must start with /, xrefs: 0020A687
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: char_traits$std::ios_base::width
  • String ID: in Json::Value::setComment(): Comments must start with /
  • API String ID: 735177774-1557452193
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 81%
			E0020D1E0(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v36;
				char _v44;
				char _v68;
				char _v92;
				char _v116;
				intOrPtr _v120;
				char _v144;
				intOrPtr _v148;
				char _v156;
				char _v157;
				intOrPtr _v164;
				intOrPtr _v168;
				char _v180;
				char _v252;
				char _v324;
				char _v332;
				char _v348;
				signed int _t75;
				signed int _t76;
				void* _t79;
				void* _t84;
				void* _t104;
				void* _t109;
				void* _t111;
				void* _t112;
				intOrPtr _t124;
				void* _t173;
				void* _t176;
				signed int _t180;
				void* _t191;
				void* _t194;

				_push(0xffffffff);
				_push(0x37afcc);
				_push( *[fs:0x0]);
				_t75 =  *0x414f64; // 0x48591883
				_t76 = _t75 ^ _t180;
				_v20 = _t76;
				_push(_t76);
				 *[fs:0x0] =  &_v16;
				_v164 = __ecx;
				_t124 = _a4;
				asm("xorps xmm0, xmm0");
				_v168 = _a8;
				asm("movsd [ebp-0xb0], xmm0");
				_t79 = E0015ECE0( &_v157);
				_t169 =  *((intOrPtr*)(_t124 + 4));
				E0015EE60( &_v68, _t79);
				E0015EDD0( &_v68);
				_v8 = 0;
				E0015F950( &_v68, 0, 0);
				_t173 = E0015E530( *((intOrPtr*)(_t124 + 8)));
				_t84 = E0015E530( *((intOrPtr*)(_t124 + 4)));
				if(_t84 != _t173) {
					_t191 = _t173 - _t84;
					E00169DF0( &_v68, _t84, _t173 - _t84);
				}
				_v8 = 1;
				E0020DFE0( &_v348,  &_v68);
				_v8 = 2;
				if(E001818F0( *((intOrPtr*)( *((intOrPtr*)(E0020E0B0( &_v348, _t191,  &_v180))) + 4)) + _t88) == 0) {
					asm("movsd xmm0, [ebp-0xb0]");
					_v36 = 3;
					_t50 =  &_v36;
					 *_t50 = _v36 & 0xfffffeff;
					__eflags =  *_t50;
					_v32 = 0;
					_v28 = 0;
					_v24 = 0;
					asm("movsd [ebp-0x28], xmm0");
					E00207590(_v168,  &_v44);
					E002073E0( &_v44);
				} else {
					_t104 = E0015ECE0( &_v157);
					_t169 =  *((intOrPtr*)(_t124 + 4));
					E0015EE60( &_v44, _t104);
					E0015EDD0( &_v44);
					_v8 = 3;
					E0015F950( &_v44, 0, 0);
					_t176 = E0015E530( *((intOrPtr*)(_t124 + 8)));
					_t109 = E0015E530( *((intOrPtr*)(_t124 + 4)));
					if(_t109 != _t176) {
						_t194 = _t176 - _t109;
						E00169DF0( &_v44, _t109, _t176 - _t109);
					}
					_v8 = 4;
					_t111 = E00211150( &_v116, "\'",  &_v44);
					_v8 = 5;
					_t112 = E00211190( &_v92, _t111, "\' is not a number.");
					E0015ED50();
					_v8 = 7;
					asm("movq xmm0, [ebx]");
					_v148 =  *((intOrPtr*)(_t124 + 8));
					asm("movq [ebp-0x98], xmm0");
					E00191CD0( &_v144, _t112);
					_v120 = 0;
					E0020DEA0(_v164 + 0x14, _t194,  &_v156);
					E00168720( &_v156);
					E0015FA10();
					E0015FA10();
					E0015FA10();
				}
				 *((intOrPtr*)(_t180 +  *((intOrPtr*)(_v348 + 4)) - 0x158)) = 0x3e5f4c;
				_t60 =  &_v348; // 0x3e5f4c
				_t62 =  *((intOrPtr*)( *_t60 + 4)) - 0x60; // -96
				 *((intOrPtr*)(_t180 +  *((intOrPtr*)( *_t60 + 4)) - 0x15c)) = _t62;
				_v8 = 8;
				_v332 = 0x3e5bb8;
				E0020A3C0( &_v332, _t169);
				E0017E280( &_v332);
				E0017DEA0( &_v324);
				E0017E2D0( &_v252);
				E0015FA10();
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t180);
			}

APIs
    • Part of subcall function 00169DF0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00169E11
  • std::bad_exception::~bad_exception.LIBCMTD ref: 0020D462
    • Part of subcall function 0017E2D0: std::ios_base::~ios_base.LIBCPMTD ref: 0017E2E3
Similarity
  • API ID: Base::Concurrency::details::ContextIdentityQueueWorkstd::bad_exception::~bad_exceptionstd::ios_base::~ios_base
  • String ID: ' is not a number.$L_>$|]>
  • API String ID: 3755302621-2207969064
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 86%
			E00208A30(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, intOrPtr* _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v44;
				char _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr* _v64;
				char _v68;
				char _v72;
				char _v224;
				signed int _t48;
				signed int _t49;
				intOrPtr _t51;
				intOrPtr _t55;
				intOrPtr* _t77;
				intOrPtr* _t104;
				intOrPtr _t106;
				signed int _t111;

				_push(0xffffffff);
				_push(0x37a951);
				_push( *[fs:0x0]);
				_t48 =  *0x414f64; // 0x48591883
				_t49 = _t48 ^ _t111;
				_v20 = _t49;
				_push(_t49);
				 *[fs:0x0] =  &_v16;
				_t104 = __ecx;
				_t3 = _t104 + 8; // 0x6e6b6e55
				_t51 =  *_t3;
				_t77 = _a4;
				_v64 = _t77;
				_v72 = 0;
				if(_t51 == 0) {
					L4:
					 *_t77 = 0;
					 *((intOrPtr*)(_t77 + 4)) = 0;
					 *((intOrPtr*)(_t77 + 8)) = 0;
				} else {
					_t116 = _t51 - 7;
					if(_t51 != 7) {
						E00209510(_t77,  &_v224);
						_v8 = 0;
						E0020A650( &_v224, "in Json::Value::getMemberNames(), value must be objectValue", _t116);
						E002094F0( &_v224,  &_v44);
						_v8 = 1;
						_t51 = E00206AB0();
					}
					if(_t51 != 0) {
						_v60 = 0;
						_v56 = 0;
						_v52 = 0;
						_v8 = 2;
						_t55 =  *((intOrPtr*)( *_t104 + 4));
						__eflags = _t55;
						if(_t55 != 0) {
							__eflags = _t55 - 0xaaaaaaa;
							if(__eflags > 0) {
								_t55 = E00345F89("vector<T> too long");
							}
							E0020A200( &_v60, __eflags, _t55);
						}
						_t109 =  *((intOrPtr*)(E002092E0( *_t104,  &_v48)));
						_v48 = _t109;
						_t106 =  *((intOrPtr*)(E00209290( *_t104,  &_v68)));
						__eflags = _t109 - _t106;
						if(__eflags != 0) {
							do {
								E0015ED30( &_v44);
								_v8 = 3;
								E0015F950( &_v44, 0, 0);
								E00169DF0( &_v44,  *((intOrPtr*)(_t109 + 0x10)),  *(_t109 + 0x14) >> 2);
								_v8 = 4;
								E00209360( &_v60,  &_v44);
								_v8 = 2;
								E0015FA10();
								E00209EA0( &_v48);
								_t109 = _v48;
								__eflags = _v48 - _t106;
							} while (__eflags != 0);
							_t77 = _v64;
						}
						_v8 = 5;
						E0015F0C0( &_v60);
						_push(_v68);
						 *_t77 = 0;
						 *((intOrPtr*)(_t77 + 4)) = 0;
						 *((intOrPtr*)(_t77 + 8)) = 0;
						E0020A330(_t77, __eflags,  &_v60);
						E00169D30();
					} else {
						goto L4;
					}
				}
				 *[fs:0x0] = _v16;
				_t46 =  &_v20; // 0x212960
				return E00344CC8( *_t46 ^ _t111);
			}

APIs
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 00208BBE
    • Part of subcall function 00209510: Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 0020954C
    • Part of subcall function 00206AB0: __CxxThrowException@8.LIBVCRUNTIME ref: 00206B0B
    • Part of subcall function 00206AB0: std::exception::exception.LIBCMTD ref: 00206B4E
Strings
  • in Json::Value::getMemberNames(), value must be objectValue, xrefs: 00208A86
  • `)!, xrefs: 00208BD3
  • vector<T> too long, xrefs: 00208B00
Similarity
  • API ID: ProcessorVirtual$Concurrency::Container_base12Container_base12::~_Exception@8RootRoot::Throwstd::_std::exception::exception
  • String ID: `)!$in Json::Value::getMemberNames(), value must be objectValue$vector<T> too long
  • API String ID: 2352577172-1974440074
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?SetAttribute@CContainerUI@DuiLib@@UAEXPB_W0@Z.DUILIB(?,?), ref: 00156CAF
Similarity
  • API ID: Attribute@ContainerLib@@
  • String ID: 06<$H6<$\6<
  • API String ID: 453163119-3198869379
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 51%
			E00164980(intOrPtr __ecx, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t41;
				intOrPtr _t42;

				_push(__ecx);
				_v8 = __ecx;
				_t41 = _v8;
				if( *((intOrPtr*)(_t41 + 0x894)) == 0) {
					__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_FXL_check");
					 *((intOrPtr*)(_v8 + 0x894)) = _t41;
				}
				if( *((intOrPtr*)(_v8 + 0x894)) != 0) {
					_t42 = _v8;
					if( *((intOrPtr*)(_t42 + 0x898)) == 0) {
						__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"deng_FXR_check");
						 *((intOrPtr*)(_v8 + 0x898)) = _t42;
					}
					if( *((intOrPtr*)(_v8 + 0x898)) != 0) {
						if(_a4 == 0) {
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x894)))) + 0x1c0))))(0, 0);
							return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x898)))) + 0x1c0))))(1, 0);
						}
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x894)))) + 0x1c0))))(1, 0);
						return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x898)))) + 0x1c0))))(0, 0);
					} else {
						return _t42;
					}
				} else {
					return _t41;
				}
			}

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_FXL_check), ref: 001649A2
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_FXR_check), ref: 001649DD
Similarity
  • API ID: Control$FindI@2@Lib@@ManagerName@PaintV32@
  • String ID: deng_FXL_check$deng_FXR_check
  • API String ID: 1102601444-1376727720
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 64%
			E0015A160(void* __ebx, intOrPtr __ecx, void* __eflags) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				signed int _t22;
				signed int _t23;
				void* _t51;
				void* _t52;
				signed int _t53;
				void* _t54;

				_t22 =  *0x414f64; // 0x48591883
				_t23 = _t22 ^ _t53;
				_v20 = _t23;
				 *[fs:0x0] =  &_v16;
				_v156 = __ecx;
				__imp__??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z(_t23,  *[fs:0x0], 0x3711fc, 0xffffffff);
				_v8 = 0;
				_v168 = _t54 - 0x84;
				_v172 = E0019E920(__ebx, _v156 + 0xa98, _t51, _t52, __eflags, _t54 - 0x84,  &_v152);
				E00207520(_v156 + 0xaa0,  &_v152);
				_v160 = E00207F30(__ebx, E00208830(_v156 + 0xaa0, "profilelist"),  &_v152);
				_v164 = _v160;
				_v8 = 0xffffffff;
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t53, L"ProfileList.ini");
			}

APIs
  • ??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z.DUILIB(?,ProfileList.ini,48591883), ref: 0015A1A9
    • Part of subcall function 0019E920: ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(00158AFA), ref: 0019E9A1
    • Part of subcall function 0019E920: ?GetData@CDuiString@DuiLib@@QBEPB_WXZ.DUILIB(?), ref: 0019E9D8
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB(profilelist,?,?), ref: 0015A22D
Similarity
  • API ID: Lib@@String@$Data@V01@V01@@
  • String ID: ProfileList.ini$profilelist
  • API String ID: 3377710922-993712376
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 72%
			E00181190(void* __esi) {
				intOrPtr _v8;
				char _v16;
				signed int _t7;
				signed int _t22;

				_push(0xffffffff);
				_push(0x373bdc);
				_push( *[fs:0x0]);
				_t7 =  *0x414f64; // 0x48591883
				_push(_t7 ^ _t22);
				 *[fs:0x0] =  &_v16;
				_t2 =  *((intOrPtr*)( *[fs:0x2c])) + 4; // 0xcccc0004
				if( *0x424c2c >  *_t2) {
					E00345207(0x424c2c);
					_t28 =  *0x424c2c - 0xffffffff;
					if( *0x424c2c == 0xffffffff) {
						_v8 = 0;
						E00181150(0x424c30);
						E00344F6C(_t28, 0x387ff0);
						_v8 = 0xffffffff;
						E003451C8(__esi, 0x424c2c);
					}
				}
				 *[fs:0x0] = _v16;
				return 0x424c30;
			}

APIs
  • _Immortalizer.LIBCPMTD ref: 001811EA
    • Part of subcall function 00181150: std::_Iostream_error_category::_Iostream_error_category.LIBCPMTD ref: 00181173
    • Part of subcall function 00344F6C: __onexit.LIBCMT ref: 00344F72
  • __Init_thread_footer.LIBCMT ref: 00181208
Similarity
  • API ID: ImmortalizerInit_thread_footerIostream_error_categoryIostream_error_category::___onexitstd::_
  • String ID: 0LB$0LB
  • API String ID: 2694474063-2692957790
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 64%
			E00215341(void* __ecx) {
				char _v8;
				char _v16;
				intOrPtr _v28;
				intOrPtr _t14;
				void* _t16;
				intOrPtr _t17;
				void* _t19;
				void* _t21;

				_t16 = __ecx;
				_t19 = _t21;
				_push(__ecx);
				_v8 = 0x414120;
				E00349ADA( &_v8, 0x3fb9c0);
				asm("int3");
				_push(_t19);
				_push(_t16);
				_t3 =  &_v16; // 0x414120
				_v16 = 0x414008;
				E00349ADA(_t3, 0x3fba20);
				asm("int3");
				_push(4);
				E00345555(0x38775d);
				_t17 = E00218B17(0x164);
				_v28 = _t17;
				_t14 = 0;
				_v16 = 0;
				if(_t17 != 0) {
					_t14 = E00215BD9(_t17);
				}
				return E0034551E(_t14);
			}

APIs
  • __CxxThrowException@8.LIBVCRUNTIME ref: 00215355
    • Part of subcall function 00349ADA: RaiseException.KERNEL32(?,?,?,00345F88,00000000,?,?,?,?,?,?,?,00345F88,?,00408BFC), ref: 00349B39
  • __CxxThrowException@8.LIBVCRUNTIME ref: 0021536F
  • __EH_prolog3.LIBCMT ref: 0021537C
    • Part of subcall function 00218B17: LocalAlloc.KERNEL32(00000040,8007000E,?,0021538B,00000164,00000004, AA,003FBA20,?,?,80004005,003FB9C0,00000000,?,0016AB81), ref: 00218B1F
Similarity
  • API ID: Exception@8Throw$AllocExceptionH_prolog3LocalRaise
  • String ID: AA
  • API String ID: 793778368-800428208
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??8CDuiString@DuiLib@@QBE_NPB_W@Z.DUILIB(selectchanged), ref: 001567EF
  • ??8CDuiString@DuiLib@@QBE_NPB_W@Z.DUILIB(return), ref: 00156810
Similarity
  • API ID: Lib@@String@
  • String ID: return$selectchanged
  • API String ID: 514026501-2279799863
  • Opcode ID: a014f16153693f7fc83df7db94cca4a5126e6b1e9390e9c76345d0939839d410
  • Instruction ID: 4e8ef439539f86080872b82e907000329295985dd0078ceafbe13cee5abe4c03
  • Opcode Fuzzy Hash: a014f16153693f7fc83df7db94cca4a5126e6b1e9390e9c76345d0939839d410
  • Instruction Fuzzy Hash: 34F06D70704204EBCB45CB40D844AED7BA5EB56301F9481A9EC445F351CB71EE45DB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 75%
			E00361A1C(void* __edx, signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				char _v40;
				intOrPtr _v48;
				char _v52;
				void* __ebx;
				void* __edi;
				void* _t86;
				signed int _t92;
				signed int _t93;
				signed int _t94;
				signed int _t100;
				void* _t101;
				void* _t102;
				void* _t104;
				void* _t107;
				void* _t109;
				void* _t111;
				void* _t115;
				char* _t116;
				void* _t119;
				signed int _t121;
				signed int _t128;
				signed int* _t129;
				signed int _t136;
				signed int _t137;
				char _t138;
				signed int _t139;
				signed int _t142;
				signed int _t146;
				signed int _t151;
				char _t156;
				char _t157;
				void* _t161;
				unsigned int _t162;
				signed int _t164;
				signed int _t166;
				signed int _t170;
				void* _t171;
				signed int* _t172;
				signed int _t174;
				signed int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t187;

				_t171 = __edx;
				_t181 = _a24;
				if(_t181 < 0) {
					_t181 = 0;
				}
				_t184 = _a8;
				 *_t184 = 0;
				E0034D2FA(0,  &_v52, _t171, _a36);
				_t5 = _t181 + 0xb; // 0xb
				if(_a12 > _t5) {
					_t172 = _a4;
					_t142 = _t172[1];
					_v36 =  *_t172;
					__eflags = (_t142 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if((_t142 >> 0x00000014 & 0x000007ff) != 0x7ff) {
						L11:
						__eflags = _t142 & 0x80000000;
						if((_t142 & 0x80000000) != 0) {
							 *_t184 = 0x2d;
							_t184 = _t184 + 1;
							__eflags = _t184;
						}
						__eflags = _a28;
						_v16 = 0x3ff;
						_t136 = ((0 | _a28 == 0x00000000) - 0x00000001 & 0xffffffe0) + 0x27;
						__eflags = _t172[1] & 0x7ff00000;
						_v32 = _t136;
						_t86 = 0x30;
						if((_t172[1] & 0x7ff00000) != 0) {
							 *_t184 = 0x31;
							_t185 = _t184 + 1;
							__eflags = _t185;
						} else {
							 *_t184 = _t86;
							_t185 = _t184 + 1;
							_t164 =  *_t172 | _t172[1] & 0x000fffff;
							__eflags = _t164;
							if(_t164 != 0) {
								_v16 = 0x3fe;
							} else {
								_v16 = _v16 & _t164;
							}
						}
						_t146 = _t185;
						_t186 = _t185 + 1;
						_v28 = _t146;
						__eflags = _t181;
						if(_t181 != 0) {
							_t30 = _v48 + 0x88; // 0xffce8305
							 *_t146 =  *((intOrPtr*)( *((intOrPtr*)( *_t30))));
						} else {
							 *_t146 = 0;
						}
						_t92 = _t172[1] & 0x000fffff;
						__eflags = _t92;
						_v20 = _t92;
						if(_t92 > 0) {
							L23:
							_t33 =  &_v8;
							 *_t33 = _v8 & 0x00000000;
							__eflags =  *_t33;
							_t147 = 0xf0000;
							_t93 = 0x30;
							_v12 = _t93;
							_v20 = 0xf0000;
							do {
								__eflags = _t181;
								if(_t181 <= 0) {
									break;
								}
								_t119 = E0036F970( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
								_t161 = 0x30;
								_t121 = _t119 + _t161 & 0x0000ffff;
								__eflags = _t121 - 0x39;
								if(_t121 > 0x39) {
									_t121 = _t121 + _t136;
									__eflags = _t121;
								}
								_t162 = _v20;
								_t172 = _a4;
								 *_t186 = _t121;
								_t186 = _t186 + 1;
								_v8 = (_t162 << 0x00000020 | _v8) >> 4;
								_t147 = _t162 >> 4;
								_t93 = _v12 - 4;
								_t181 = _t181 - 1;
								_v20 = _t162 >> 4;
								_v12 = _t93;
								__eflags = _t93;
							} while (_t93 >= 0);
							__eflags = _t93;
							if(_t93 < 0) {
								goto L39;
							}
							_t115 = E0036F970( *_t172 & _v8, _v12, _t172[1] & _t147 & 0x000fffff);
							__eflags = _t115 - 8;
							if(_t115 <= 8) {
								goto L39;
							}
							_t116 = _t186 - 1;
							_t138 = 0x30;
							while(1) {
								_t156 =  *_t116;
								__eflags = _t156 - 0x66;
								if(_t156 == 0x66) {
									goto L33;
								}
								__eflags = _t156 - 0x46;
								if(_t156 != 0x46) {
									_t139 = _v32;
									__eflags = _t116 - _v28;
									if(_t116 == _v28) {
										_t57 = _t116 - 1;
										 *_t57 =  *(_t116 - 1) + 1;
										__eflags =  *_t57;
									} else {
										_t157 =  *_t116;
										__eflags = _t157 - 0x39;
										if(_t157 != 0x39) {
											 *_t116 = _t157 + 1;
										} else {
											 *_t116 = _t139 + 0x3a;
										}
									}
									goto L39;
								}
								L33:
								 *_t116 = _t138;
								_t116 = _t116 - 1;
							}
						} else {
							__eflags =  *_t172;
							if( *_t172 <= 0) {
								L39:
								__eflags = _t181;
								if(_t181 > 0) {
									_push(_t181);
									_t111 = 0x30;
									_push(_t111);
									_push(_t186);
									E00349980(_t181);
									_t186 = _t186 + _t181;
									__eflags = _t186;
								}
								_t94 = _v28;
								__eflags =  *_t94;
								if( *_t94 == 0) {
									_t186 = _t94;
								}
								__eflags = _a28;
								 *_t186 = ((_t94 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								_t174 = _a4[1];
								_t100 = E0036F970( *_a4, 0x34, _t174);
								_t137 = 0;
								_t151 = (_t100 & 0x000007ff) - _v16;
								__eflags = _t151;
								asm("sbb ebx, ebx");
								if(__eflags < 0) {
									L47:
									 *(_t186 + 1) = 0x2d;
									_t187 = _t186 + 2;
									__eflags = _t187;
									_t151 =  ~_t151;
									asm("adc ebx, 0x0");
									_t137 =  ~_t137;
									goto L48;
								} else {
									if(__eflags > 0) {
										L46:
										 *(_t186 + 1) = 0x2b;
										_t187 = _t186 + 2;
										L48:
										_t182 = _t187;
										_t101 = 0x30;
										 *_t187 = _t101;
										__eflags = _t137;
										if(__eflags < 0) {
											L56:
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L60:
												_push(0);
												_push(0xa);
												_push(_t137);
												_push(_t151);
												_t102 = E0036FA50();
												_v32 = _t174;
												 *_t187 = _t102 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												L61:
												_t104 = 0x30;
												_t183 = 0;
												__eflags = 0;
												 *_t187 = _t151 + _t104;
												 *(_t187 + 1) = 0;
												goto L62;
											}
											__eflags = _t137;
											if(__eflags < 0) {
												goto L61;
											}
											if(__eflags > 0) {
												goto L60;
											}
											__eflags = _t151 - 0xa;
											if(_t151 < 0xa) {
												goto L61;
											}
											goto L60;
										}
										if(__eflags > 0) {
											L51:
											_push(0);
											_push(0x3e8);
											_push(_t137);
											_push(_t151);
											_t107 = E0036FA50();
											_v32 = _t174;
											 *_t187 = _t107 + 0x30;
											_t187 = _t187 + 1;
											__eflags = _t187 - _t182;
											if(_t187 != _t182) {
												L55:
												_push(0);
												_push(0x64);
												_push(_t137);
												_push(_t151);
												_t109 = E0036FA50();
												_v32 = _t174;
												 *_t187 = _t109 + 0x30;
												_t187 = _t187 + 1;
												__eflags = _t187;
												goto L56;
											}
											L52:
											__eflags = _t137;
											if(__eflags < 0) {
												goto L56;
											}
											if(__eflags > 0) {
												goto L55;
											}
											__eflags = _t151 - 0x64;
											if(_t151 < 0x64) {
												goto L56;
											}
											goto L55;
										}
										__eflags = _t151 - 0x3e8;
										if(_t151 < 0x3e8) {
											goto L52;
										}
										goto L51;
									}
									__eflags = _t151;
									if(_t151 < 0) {
										goto L47;
									}
									goto L46;
								}
							}
							goto L23;
						}
					}
					__eflags = 0;
					if(0 != 0) {
						goto L11;
					} else {
						_t183 = E00361D1F(0, _t142, 0, _t172, _t184, _a12, _a16, _a20, _t181, 0, _a32, 0);
						__eflags = _t183;
						if(_t183 == 0) {
							_t128 = E0036FB40(_t184, 0x65);
							_pop(_t166);
							__eflags = _t128;
							if(_t128 != 0) {
								__eflags = _a28;
								_t170 = ((_t166 & 0xffffff00 | _a28 == 0x00000000) - 0x00000001 & 0x000000e0) + 0x70;
								__eflags = _t170;
								 *_t128 = _t170;
								 *((char*)(_t128 + 3)) = 0;
							}
							_t183 = 0;
						} else {
							 *_t184 = 0;
						}
						goto L62;
					}
				} else {
					_t129 = E0035013D();
					_t183 = 0x22;
					 *_t129 = _t183;
					E0034D667();
					L62:
					if(_v40 != 0) {
						 *(_v52 + 0x350) =  *(_v52 + 0x350) & 0xfffffffd;
					}
					return _t183;
				}
			}

APIs
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: __alldvrm$_strrchr
  • String ID:
  • API String ID: 1036877536-0
  • Opcode ID: 07cca60c983d0fb665ffa44e571f6200ee450a47b7e2a168dbd9c62fa1a22f9a
  • Instruction ID: 1f7deb05b3dbaa4c04a06c4ea2175f09969e6aebbaadda3bd2a7cd1a21d075f4
  • Opcode Fuzzy Hash: 07cca60c983d0fb665ffa44e571f6200ee450a47b7e2a168dbd9c62fa1a22f9a
  • Instruction Fuzzy Hash: 09A14472A407869FDB23CF68C8917BEBBE5EF16310F1D816EE4859B285D3348941C750
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
			E0019ED40(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				intOrPtr _v20;
				signed char _v21;
				signed char _v22;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				char _v52;
				char _v56;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				char _v72;
				char _v76;
				char _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				char _v116;
				void* __ecx;
				signed int _t113;
				signed char _t139;
				signed char _t155;
				signed int _t192;
				signed int _t208;
				intOrPtr _t214;
				intOrPtr _t226;
				signed int _t242;
				void* _t243;
				intOrPtr _t244;
				intOrPtr _t245;

				_push(0xffffffff);
				_push(0x375d78);
				_push( *[fs:0x0]);
				_t244 = _t243 - 0x60;
				_t113 =  *0x414f64; // 0x48591883
				_push(_t113 ^ _t242);
				 *[fs:0x0] =  &_v16;
				_v20 = _t244;
				_v28 = 0;
				_v36 = E00167FB0(_a8);
				_t214 = _a4 +  *((intOrPtr*)( *_a4 + 4));
				_v92 = E00180810(_t214);
				_v88 = _t214;
				_t245 = _v88;
				if(_t245 < 0 || _t245 <= 0 && _v92 <= 0 || E00180810(_a4 +  *((intOrPtr*)( *_a4 + 4))) <= _v36) {
					_v40 = 0;
				} else {
					_v40 = E00180810(_a4 +  *((intOrPtr*)( *_a4 + 4))) - _v36;
				}
				_v32 = _v40;
				E0017FDE0(_a4);
				_v8 = 0;
				if((E0017F4A0( &_v116) & 0x000000ff) != 0) {
					_v8 = 1;
					_v44 = E00180890(_a4 +  *((intOrPtr*)( *_a4 + 4)));
					__eflags = (_v44 & 0x000001c0) - 0x40;
					if((_v44 & 0x000001c0) != 0x40) {
						while(1) {
							__eflags = _v32;
							if(_v32 <= 0) {
								goto L15;
							}
							_t42 =  *_a4 + 4; // 0x8458b0a
							_v21 = E00180560(_a4 +  *_t42);
							_v48 = E0017F880(_a4 +  *((intOrPtr*)( *_a4 + 4)));
							_v52 = E001804F0(_v48,  *_a4, _v21 & 0x000000ff);
							_v56 = _v52;
							_v60 = E00181830(_t152);
							_t155 = E00181840(_v52,  &_v60,  &_v56);
							_t244 = _t244 + 8;
							__eflags = _t155 & 0x000000ff;
							if((_t155 & 0x000000ff) == 0) {
								_t208 = _v32 - 1;
								__eflags = _t208;
								_v32 = _t208;
								continue;
							} else {
								_v28 = _v28 | 0x00000004;
							}
							goto L15;
						}
					}
					L15:
					__eflags = _v28;
					if(_v28 != 0) {
						L19:
						while(1) {
							__eflags = _v32;
							if(_v32 <= 0) {
								goto L25;
							}
							_t82 =  *_a4 + 4; // 0x8458b0a
							_v22 = E00180560(_a4 +  *_t82);
							_v68 = E0017F880(_a4 +  *((intOrPtr*)( *_a4 + 4)));
							_v72 = E001804F0(_v68,  *_a4, _v22 & 0x000000ff);
							_v76 = _v72;
							_v80 = E00181830(_t136);
							_t139 = E00181840(_v72,  &_v80,  &_v76);
							_t244 = _t244 + 8;
							__eflags = _t139 & 0x000000ff;
							if((_t139 & 0x000000ff) == 0) {
								_t192 = _v32 - 1;
								__eflags = _t192;
								_v32 = _t192;
								continue;
							} else {
								_v28 = _v28 | 0x00000004;
							}
							goto L25;
						}
					} else {
						_t226 = _a4 +  *((intOrPtr*)( *_a4 + 4));
						_v64 = E0017F880(_t226);
						_v100 = E0019F170(_v64, E00169DB0(), _v36, 0);
						_v96 = _t226;
						_v108 = _v36;
						_v104 = 0;
						__eflags = _v100 - _v108;
						if(_v100 != _v108) {
							L18:
							_v28 = _v28 | 0x00000004;
						} else {
							__eflags = _v96 - _v104;
							if(_v96 == _v104) {
								goto L19;
							} else {
								goto L18;
							}
						}
					}
					L25:
					E001807D0(_a4 +  *((intOrPtr*)( *_a4 + 4)), 0, 0);
					_v8 = 0;
				} else {
					_v28 = _v28 | 0x00000004;
				}
				E0017F2F0(_a4 +  *((intOrPtr*)( *_a4 + 4)), _v28, 0);
				_v84 = _a4;
				_v8 = 0xffffffff;
				E0017FD80(_a4 +  *((intOrPtr*)( *_a4 + 4)));
				 *[fs:0x0] = _v16;
				return _v84;
			}

APIs
  • char_traits.LIBCPMTD ref: 0019EE93
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0019EED4
  • char_traits.LIBCPMTD ref: 0019EF6B
  • std::ios_base::width.LIBCPMTD ref: 0019EF98
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: char_traits$Container_base12Container_base12::~_std::_std::ios_base::width
  • String ID:
  • API String ID: 1883241956-0
  • Opcode ID: bf05e86de9bfab445ed4423badbfd2163ccc81c7a3b9b0e751bc4a03de23ecac
  • Instruction ID: 9f823a497b568acc3c5d2372701ccfc3baa6999d72b8229825d2124b2e6ecc18
  • Opcode Fuzzy Hash: bf05e86de9bfab445ed4423badbfd2163ccc81c7a3b9b0e751bc4a03de23ecac
  • Instruction Fuzzy Hash: 8BA1C874E00209DFDF08DF94C891AAEBBF1BF98304F248129E516AB355DB35AA45CF90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 94%
			E0036EFF6(signed int __edx, intOrPtr _a4, intOrPtr _a8, int _a12) {
				int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t16;
				signed int _t17;
				int _t20;
				signed int _t21;
				int _t23;
				signed int _t25;
				int _t28;
				intOrPtr* _t30;
				int _t34;
				int _t35;
				void* _t36;
				intOrPtr* _t37;
				intOrPtr* _t38;
				int _t46;
				void* _t54;
				void* _t56;
				signed int _t58;
				int _t61;
				int _t63;
				void* _t64;
				void* _t65;
				void* _t66;

				_t58 = __edx;
				_t59 = _a4;
				_t61 = 0;
				_t16 = E003630C5(_a4, 0, 0, 1);
				_v20 = _t16;
				_v16 = __edx;
				_t65 = _t64 + 0x10;
				if((_t16 & __edx) != 0xffffffff) {
					_t17 = E003630C5(_t59, 0, 0, 2);
					_t66 = _t65 + 0x10;
					_t51 = _t17 & __edx;
					__eflags = (_t17 & __edx) - 0xffffffff;
					if((_t17 & __edx) == 0xffffffff) {
						goto L1;
					}
					_t46 = _a8 - _t17;
					__eflags = _t46;
					_t20 = _a12;
					asm("sbb eax, edx");
					_v8 = _t20;
					if(__eflags < 0) {
						L24:
						__eflags = _t20 - _t61;
						if(__eflags > 0) {
							L19:
							_t21 = E003630C5(_t59, _v20, _v16, _t61);
							__eflags = (_t21 & _t58) - 0xffffffff;
							if((_t21 & _t58) != 0xffffffff) {
								_t23 = 0;
								__eflags = 0;
								L31:
								return _t23;
							}
							L20:
							_t23 =  *((intOrPtr*)(E0035013D()));
							goto L31;
						}
						if(__eflags < 0) {
							L27:
							_t25 = E003630C5(_t59, _a8, _a12, _t61);
							_t66 = _t66 + 0x10;
							__eflags = (_t25 & _t58) - 0xffffffff;
							if((_t25 & _t58) == 0xffffffff) {
								goto L20;
							}
							_t28 = SetEndOfFile(E0035D696(_t59));
							__eflags = _t28;
							if(_t28 != 0) {
								goto L19;
							}
							 *((intOrPtr*)(E0035013D())) = 0xd;
							_t30 = E0035012A();
							 *_t30 = GetLastError();
							goto L20;
						}
						__eflags = _t46 - _t61;
						if(_t46 >= _t61) {
							goto L19;
						}
						goto L27;
					}
					if(__eflags > 0) {
						L6:
						_t63 = E0035FA1C(_t51, 0x1000, 1);
						_pop(_t54);
						__eflags = _t63;
						if(_t63 != 0) {
							_v12 = E0035E18B(_t54, _t59, 0x8000);
							_t34 = _v8;
							_pop(_t56);
							do {
								__eflags = _t34;
								if(__eflags < 0) {
									L13:
									_t35 = _t46;
									L14:
									_t36 = E00362D1B(_t46, _t59, _t63, _t59, _t63, _t35);
									_t66 = _t66 + 0xc;
									__eflags = _t36 - 0xffffffff;
									if(_t36 == 0xffffffff) {
										_t37 = E0035012A();
										__eflags =  *_t37 - 5;
										if( *_t37 == 5) {
											 *((intOrPtr*)(E0035013D())) = 0xd;
										}
										L23:
										_t38 = E0035013D();
										E00360415(_t63);
										_t23 =  *_t38;
										goto L31;
									}
									asm("cdq");
									_t46 = _t46 - _t36;
									_t34 = _v8;
									asm("sbb eax, edx");
									_v8 = _t34;
									__eflags = _t34;
									if(__eflags > 0) {
										L12:
										_t35 = 0x1000;
										goto L14;
									}
									if(__eflags < 0) {
										break;
									}
									goto L17;
								}
								if(__eflags > 0) {
									goto L12;
								}
								__eflags = _t46 - 0x1000;
								if(_t46 < 0x1000) {
									goto L13;
								}
								goto L12;
								L17:
								__eflags = _t46;
							} while (_t46 != 0);
							E0035E18B(_t56, _t59, _v12);
							E00360415(_t63);
							_t66 = _t66 + 0xc;
							_t61 = 0;
							__eflags = 0;
							goto L19;
						}
						 *((intOrPtr*)(E0035013D())) = 0xc;
						goto L23;
					}
					__eflags = _t46;
					if(_t46 <= 0) {
						goto L24;
					}
					goto L6;
				}
				L1:
				return  *((intOrPtr*)(E0035013D()));
			}

APIs
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: _free
  • String ID:
  • API String ID: 269201875-0
  • Opcode ID: a9622bd5cdc6f8435ad5ed90e42e2cdec7d491962bf953249d99bd37bd5ddf31
  • Instruction ID: 9a172b3c26a2d397a263d300949eef35f4c5179ecdd5ea73d6b970c8f445694f
  • Opcode Fuzzy Hash: a9622bd5cdc6f8435ad5ed90e42e2cdec7d491962bf953249d99bd37bd5ddf31
  • Instruction Fuzzy Hash: 11417131600500AFDB276BB9EC41EBE3AA9DF063B0F15C235F824DB19BDA3549458762
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 54%
			E0035B111(intOrPtr* _a4) {
				long _v20;
				void* _v28;
				signed int _v36;
				intOrPtr _t15;
				void* _t17;
				void* _t22;
				intOrPtr* _t23;
				signed int* _t26;
				void* _t32;
				long _t33;
				intOrPtr* _t36;
				signed int _t39;
				void* _t42;
				void* _t45;
				void* _t46;
				long _t50;
				void* _t53;
				void* _t55;

				if(_a4 != 0) {
					_t36 = _a4;
					_t3 = _t36 + 2; // 0x2
					_t42 = _t3;
					do {
						_t15 =  *_t36;
						_t36 = _t36 + 2;
					} while (_t15 != 0);
					_t38 = _t36 - _t42 >> 1;
					_t4 = _t38 + 1; // -1
					_t32 = _t4;
					_push(_t32 + _t32);
					_t17 = E00356BBD(_t36 - _t42 >> 1);
					_t45 = _t17;
					_pop(_t39);
					if(_t45 != 0) {
						if(E00356EA6(_t45, _t32, _a4) != 0) {
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E0034D694();
							asm("int3");
							_t55 = _t53;
							_push(_t55);
							_push(_t39);
							_push(_t45);
							_t46 = _v28;
							if(_t46 != 0) {
								_t50 = _v20;
								if(_t50 <= 0xffffffe0) {
									_push(_t32);
									_t33 = HeapSize( *0x422444, 0, _t46);
									if(_t50 == 0) {
										_t50 = _t50 + 1;
									}
									_t22 = HeapReAlloc( *0x422444, 0x10, _t46, _t50);
									if(_t22 == 0) {
										if(_t33 > 0x4000 || _t50 > _t33) {
											L21:
											_t23 = E0035013D();
											 *_t23 = E003500C4(GetLastError());
											_t22 = 0;
										} else {
											_v36 = _v36 | 0xffffffff;
											_t26 =  &_v36;
											__imp__HeapQueryInformation( *0x422444, 0, _t26, 4, _t22);
											if(_t26 == 0 || (_t39 & 0xffffff00 | _v36 == 0x00000002) == 0) {
												goto L21;
											} else {
												_t22 = _t46;
											}
										}
									}
								} else {
									 *((intOrPtr*)(E0035013D())) = 0xc;
									_t22 = 0;
								}
							} else {
								 *((intOrPtr*)(E0035013D())) = 0x16;
								E0034D667();
								_t22 = 0;
							}
							return _t22;
						} else {
							_t17 = _t45;
							goto L5;
						}
					} else {
						L5:
						return _t17;
					}
				} else {
					return 0;
				}
			}

Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID:
  • String ID:
  • API String ID:
  • Opcode ID: 9a1e6371e98656d9d655d2e809015f1388eddc5a4dc7010f002a78d4dd5cb8c0
  • Instruction ID: 8f9f278d970022b23168c2aee0942f29543bf1326f9a634ca32809a273b216a2
  • Opcode Fuzzy Hash: 9a1e6371e98656d9d655d2e809015f1388eddc5a4dc7010f002a78d4dd5cb8c0
  • Instruction Fuzzy Hash: 48313832200A08ABDB23AB74AC46F7AB75CEB813E2F660565FD158B1B0E7719D058761
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
			E003698A8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, int _a8, char* _a12, int _a16, short* _a20, int _a24, intOrPtr _a28) {
				signed int _v8;
				int _v12;
				char _v16;
				intOrPtr _v24;
				char _v28;
				void* _v40;
				signed int _t34;
				signed int _t40;
				int _t46;
				int _t53;
				void* _t55;
				int _t57;
				signed int _t63;
				int _t67;
				short* _t69;
				signed int _t70;
				short* _t71;

				_t34 =  *0x414f64; // 0x48591883
				_v8 = _t34 ^ _t70;
				E0034D2FA(__ebx,  &_v28, __edx, _a4);
				_t57 = _a24;
				if(_t57 == 0) {
					_t6 = _v24 + 8; // 0xc0b0a09
					_t53 =  *_t6;
					_t57 = _t53;
					_a24 = _t53;
				}
				_t67 = 0;
				_t40 = MultiByteToWideChar(_t57, 1 + (0 | _a28 != 0x00000000) * 8, _a12, _a16, 0, 0);
				_v12 = _t40;
				if(_t40 == 0) {
					L15:
					if(_v16 != 0) {
						 *(_v28 + 0x350) =  *(_v28 + 0x350) & 0xfffffffd;
					}
					return E00344CC8(_v8 ^ _t70);
				}
				_t55 = _t40 + _t40;
				_t17 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				if((_t17 & _t40) == 0) {
					_t69 = 0;
					L11:
					if(_t69 != 0) {
						E00349980(_t67, _t69, _t67, _t55);
						_t46 = MultiByteToWideChar(_a24, 1, _a12, _a16, _t69, _v12);
						if(_t46 != 0) {
							_t67 = GetStringTypeW(_a8, _t69, _t46, _a20);
						}
					}
					L14:
					E00347108(_t69);
					goto L15;
				}
				_t20 = _t55 + 8; // 0xc
				asm("sbb eax, eax");
				_t48 = _t40 & _t20;
				_t21 = _t55 + 8; // 0xc
				_t63 = _t21;
				if((_t40 & _t20) > 0x400) {
					asm("sbb eax, eax");
					_t69 = E003600B9(_t63, _t48 & _t63);
					if(_t69 == 0) {
						goto L14;
					}
					 *_t69 = 0xdddd;
					L9:
					_t69 =  &(_t69[4]);
					goto L11;
				}
				asm("sbb eax, eax");
				E003458C0();
				_t69 = _t71;
				if(_t69 == 0) {
					goto L14;
				}
				 *_t69 = 0xcccc;
				goto L9;
			}

APIs
  • MultiByteToWideChar.KERNEL32(00000004,00000000,0000007F,003BA7B8,00000000,00000000,8B56FF8B,0035E356,?,00000004,00000001,003BA7B8,0000007F,?,8B56FF8B,00000001), ref: 003698F5
  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0036997E
  • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00369990
  • __freea.LIBCMT ref: 00369999
    • Part of subcall function 003600B9: HeapAlloc.KERNEL32(00000000,?,00000004,?,0036011C,?,00000000,?,0035C240,?,00000004,FFFFFFFF,?,?,?,0035F6AB), ref: 003600EB
Similarity
  • API ID: ByteCharMultiWide$AllocHeapStringType__freea
  • String ID:
  • API String ID: 573072132-0
  • Opcode ID: 7a53f5b80dfa541286901ac80702490dee4173ddac82c1c1e9bada250876ea90
  • Instruction ID: 54459116dad5be9e335762ad58af0c699a11205308d5b1b639901e5fa1dd3c5d
  • Opcode Fuzzy Hash: 7a53f5b80dfa541286901ac80702490dee4173ddac82c1c1e9bada250876ea90
  • Instruction Fuzzy Hash: 1C319F32A0020AABDB269F65DC41EEE7BE9EB40710F09816EF805DA254E735DD50CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 81%
			E001982F0(void* __eflags, intOrPtr _a4, char* _a8) {
				int _v8;
				char _v16;
				char _v20;
				short* _v24;
				signed int _v28;
				signed int _v32;
				short* _v36;
				short* _v40;
				signed int _t42;
				intOrPtr _t60;
				signed int _t83;
				signed int _t86;
				void* _t92;

				_t92 = __eflags;
				_push(0xffffffff);
				_push(0x3754b8);
				_push( *[fs:0x0]);
				_t42 =  *0x414f64; // 0x48591883
				_push(_t42 ^ _t86);
				 *[fs:0x0] =  &_v16;
				_v28 = 0;
				E00169F60( &_v20);
				_v8 = 0;
				_v32 = MultiByteToWideChar(0xfde9, 0, _a8, 0xffffffff, 0, 0);
				_push( ~(_t92 > 0) | _v32 * 0x00000002);
				_v36 = E0021498E( ~(_t92 > 0) | _v32 * 0x00000002, _t92);
				_v24 = _v36;
				if(_v24 != 0) {
					MultiByteToWideChar(0xfde9, 0, _a8, 0xffffffff, _v24, _v32);
					E001698A0( &_v20,  &_v20, L"%s", _v24);
					_v40 = _v24;
					L00214989(_v40);
					E0016A090(_a4,  &_v20);
					_t83 = _v28 | 0x00000001;
					__eflags = _t83;
					_v28 = _t83;
					_v8 = 0xffffffff;
					E0016A0B0( &_v20);
					_t60 = _a4;
				} else {
					E0016A090(_a4,  &_v20);
					_v28 = _v28 | 0x00000001;
					_v8 = 0xffffffff;
					E0016A0B0( &_v20);
					_t60 = _a4;
				}
				 *[fs:0x0] = _v16;
				return _t60;
			}

APIs
  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,48591883), ref: 0019833C
  • _DebugHeapAllocator.LIBCPMTD ref: 00198377
    • Part of subcall function 0016A0B0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCONCRTD ref: 0016A0BA
  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?), ref: 001983AE
  • _DebugHeapAllocator.LIBCPMTD ref: 001983E2
Similarity
  • API ID: AllocatorByteCharDebugHeapMultiWide$Base::Concurrency::details::ContextIdentityQueueWork
  • String ID:
  • API String ID: 447409166-0
  • Opcode ID: 1b2f7e04069d3507d2a38e1f153249dcf5323943067705f42678c6e44e47fd4c
  • Instruction ID: cfda4bdc372b38976a05dd9af0c1240f0fe72d9c1370425b7bcb6b79df5e93e0
  • Opcode Fuzzy Hash: 1b2f7e04069d3507d2a38e1f153249dcf5323943067705f42678c6e44e47fd4c
  • Instruction Fuzzy Hash: DB311EB1900209ABDB14EFA4CD52BEEB7B4FF58710F604229F525A72D0D7356A05CB91
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
			E001692D0(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v92;
				signed int _t32;
				signed int _t59;

				_push(0xffffffff);
				_push(0x371ec8);
				_push( *[fs:0x0]);
				_t32 =  *0x414f64; // 0x48591883
				_push(_t32 ^ _t59);
				 *[fs:0x0] =  &_v16;
				_v20 = 0;
				if(_a4 != 0) {
					_t64 =  *_a4;
					if( *_a4 == 0) {
						_v24 = E00214952(_t64, 0x18);
						_v8 = 0;
						_t65 = _v24;
						if(_v24 == 0) {
							_v28 = 0;
						} else {
							_v32 = E00169080(__ebx,  &_v92, __edi, _t65, E00169190(_a8));
							_v36 = _v32;
							_v8 = 1;
							_v20 = _v20 | 0x00000001;
							_v28 = E00168FA0(_v36, 0);
						}
						_v40 = _v28;
						_v8 = 2;
						 *_a4 = _v40;
						_v8 = 0xffffffff;
						if((_v20 & 0x00000001) != 0) {
							_v20 = _v20 & 0xfffffffe;
							E00169240(_v20);
						}
					}
				}
				 *[fs:0x0] = _v16;
				return 2;
			}

APIs
  • std::locale::c_str.LIBCPMTD ref: 0016932F
  • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00169338
    • Part of subcall function 00169080: std::_Lockit::_Lockit.LIBCPMT ref: 001690AD
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690BF
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690CE
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690DD
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690EC
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690FB
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 0016910A
    • Part of subcall function 00169080: std::bad_exception::bad_exception.LIBCMTD ref: 00169121
    • Part of subcall function 00169080: __CxxThrowException@8.LIBVCRUNTIME ref: 0016912F
    • Part of subcall function 00169080: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0016913C
  • ctype.LIBCPMTD ref: 0016935C
    • Part of subcall function 00168FA0: std::bad_exception::bad_exception.LIBCMTD ref: 00168FCD
    • Part of subcall function 00168FA0: ctype.LIBCPMTD ref: 00168FE9
  • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00169398
Similarity
  • API ID: Yarn$std::_$LocinfoLocinfo::_ctypestd::bad_exception::bad_exception$Exception@8Locinfo::~_Locinfo_ctorLockitLockit::_Throwstd::locale::c_str
  • String ID:
  • API String ID: 1516229762-0
  • Opcode ID: b901ee8362003f0bce14abdb168a3dab8844a09a209e65fdcbdbfd8b8f78417b
  • Instruction ID: b949abe69e8b801a4e518707f1d4587e790b9cb6dc81a939af7ccbb446a69836
  • Opcode Fuzzy Hash: b901ee8362003f0bce14abdb168a3dab8844a09a209e65fdcbdbfd8b8f78417b
  • Instruction Fuzzy Hash: B02119B0D00209DFDB04DF98C946BEEBBB4FB58310F104269E425AB3C0D7756A50CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
			E00180400(void* __ebx, void* __edi, intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				char _v92;
				signed int _t32;
				signed int _t59;

				_push(0xffffffff);
				_push(0x373ab8);
				_push( *[fs:0x0]);
				_t32 =  *0x414f64; // 0x48591883
				_push(_t32 ^ _t59);
				 *[fs:0x0] =  &_v16;
				_v20 = 0;
				if(_a4 != 0) {
					_t64 =  *_a4;
					if( *_a4 == 0) {
						_v24 = E00214952(_t64, 8);
						_v8 = 0;
						_t65 = _v24;
						if(_v24 == 0) {
							_v28 = 0;
						} else {
							_v32 = E00169080(__ebx,  &_v92, __edi, _t65, E00169190(_a8));
							_v36 = _v32;
							_v8 = 1;
							_v20 = _v20 | 0x00000001;
							_v28 = E00180580(_v36, 0);
						}
						_v40 = _v28;
						_v8 = 2;
						 *_a4 = _v40;
						_v8 = 0xffffffff;
						if((_v20 & 0x00000001) != 0) {
							_v20 = _v20 & 0xfffffffe;
							E00169240(_v20);
						}
					}
				}
				 *[fs:0x0] = _v16;
				return 2;
			}

APIs
  • std::locale::c_str.LIBCPMTD ref: 0018045F
  • std::_Locinfo::_Locinfo.LIBCPMTD ref: 00180468
    • Part of subcall function 00169080: std::_Lockit::_Lockit.LIBCPMT ref: 001690AD
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690BF
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690CE
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690DD
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690EC
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690FB
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 0016910A
    • Part of subcall function 00169080: std::bad_exception::bad_exception.LIBCMTD ref: 00169121
    • Part of subcall function 00169080: __CxxThrowException@8.LIBVCRUNTIME ref: 0016912F
    • Part of subcall function 00169080: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0016913C
  • ctype.LIBCPMTD ref: 0018048C
    • Part of subcall function 00180580: std::bad_exception::bad_exception.LIBCMTD ref: 001805AD
  • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 001804C8
Similarity
  • API ID: Yarn$std::_$LocinfoLocinfo::_std::bad_exception::bad_exception$Exception@8Locinfo::~_Locinfo_ctorLockitLockit::_Throwctypestd::locale::c_str
  • String ID:
  • API String ID: 1422144976-0
  • Opcode ID: 04929c88d11abd197f123fdf5bd75836518ded1ac6b2bee4328522b9f30dc692
  • Instruction ID: 2ea2d0d3965bb12b5c7786872bcc92e2976ce95f07cab4303b1addb8d1169b3a
  • Opcode Fuzzy Hash: 04929c88d11abd197f123fdf5bd75836518ded1ac6b2bee4328522b9f30dc692
  • Instruction Fuzzy Hash: 6D2103B0D01209DFDB55DF98C946BEEBBB4FB48310F208269E529AB390D7756A44CF90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 83%
			E00211780(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				char _v16;
				signed char _v20;
				char _v72;
				void* __ebx;
				void* __edi;
				signed int _t15;
				intOrPtr* _t34;
				intOrPtr* _t38;
				signed int _t39;

				_push(0xffffffff);
				_push(0x37b488);
				_push( *[fs:0x0]);
				_t15 =  *0x414f64; // 0x48591883
				_push(_t15 ^ _t39);
				 *[fs:0x0] =  &_v16;
				_t25 = 0;
				_v20 = 0;
				_t34 = _a4;
				if(_t34 != 0) {
					_t44 =  *_t34;
					if( *_t34 == 0) {
						_t38 = E00214952(_t44, 8);
						_a4 = _t38;
						_v8 = 0;
						_t45 = _t38;
						if(_t38 == 0) {
							_t38 = 0;
							__eflags = 0;
						} else {
							E00169080(0,  &_v72, _t34, _t45, E00169190(_a8));
							_v8 = 1;
							_t25 = 1;
							_v20 = 1;
							E0016AFE0(0);
							 *_t38 = 0x3b7b98;
						}
						 *_t34 = _t38;
						_t46 = _t25 & 0x00000001;
						if((_t25 & 0x00000001) != 0) {
							E00169240(_t46);
						}
					}
				}
				 *[fs:0x0] = _v16;
				return 4;
			}

APIs
  • std::locale::c_str.LIBCPMTD ref: 002117D1
  • std::_Locinfo::_Locinfo.LIBCPMTD ref: 002117DA
    • Part of subcall function 00169080: std::_Lockit::_Lockit.LIBCPMT ref: 001690AD
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690BF
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690CE
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690DD
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690EC
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 001690FB
    • Part of subcall function 00169080: _Yarn.LIBCPMTD ref: 0016910A
    • Part of subcall function 00169080: std::bad_exception::bad_exception.LIBCMTD ref: 00169121
    • Part of subcall function 00169080: __CxxThrowException@8.LIBVCRUNTIME ref: 0016912F
    • Part of subcall function 00169080: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0016913C
  • std::locale::facet::facet.LIBCPMTD ref: 002117EF
  • std::_Locinfo::~_Locinfo.LIBCPMTD ref: 00211808
Similarity
  • API ID: Yarn$std::_$LocinfoLocinfo::_$Exception@8Locinfo::~_Locinfo_ctorLockitLockit::_Throwstd::bad_exception::bad_exceptionstd::locale::c_strstd::locale::facet::facet
  • String ID:
  • API String ID: 1945692864-0
  • Opcode ID: be8534c2046569cf16860f86c7d098ee575a5254180a8b0886dc6bf936af8eeb
  • Instruction ID: 85745c94907844be9260605fc5add2da36c8f9ddf9d8da4af7e641f94d8d3268
  • Opcode Fuzzy Hash: be8534c2046569cf16860f86c7d098ee575a5254180a8b0886dc6bf936af8eeb
  • Instruction Fuzzy Hash: C011A771A5021A9BDB10DF58C841BDEF7B8EB64B10F11423AF91557380D7755D60CBC0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 16%
			E0019EB10(intOrPtr __ecx, void* __eflags, void* _a4, void* _a8) {
				intOrPtr _v8;
				char _v16;
				signed int _v20;
				char _v28;
				char _v540;
				char _v1052;
				char _v1564;
				char _v1696;
				signed int _v1700;
				intOrPtr _v1704;
				signed int _t23;
				signed int _t24;
				signed int _t46;

				_t23 =  *0x414f64; // 0x48591883
				_t24 = _t23 ^ _t46;
				_v20 = _t24;
				 *[fs:0x0] =  &_v16;
				_v1704 = __ecx;
				_v1700 = 0;
				__imp__??BCDuiString@DuiLib@@QBEPB_WXZ(_t24,  *[fs:0x0], 0x375cec, 0xffffffff);
				E0035504B( &_v28,  &_v28,  &_v1564,  &_v540,  &_v1052);
				__imp__??0CDuiString@DuiLib@@QAE@PB_WH@Z( &_v540, 0xffffffff);
				_v8 = 0;
				__imp__??0CDuiString@DuiLib@@QAE@ABV01@@Z();
				_v1700 = _v1700 | 0x00000001;
				_v8 = 0xffffffff;
				__imp__??1CDuiString@DuiLib@@QAE@XZ();
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t46,  &_v1696);
			}

APIs
  • ??BCDuiString@DuiLib@@QBEPB_WXZ.DUILIB(00375CEC,?,?,?), ref: 0019EB67
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(?,000000FF), ref: 0019EB85
  • ??0CDuiString@DuiLib@@QAE@ABV01@@Z.DUILIB(?), ref: 0019EB9C
  • ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0019EBBE
Similarity
  • API ID: Lib@@String@$V01@@
  • String ID:
  • API String ID: 2363659797-0
  • Opcode ID: da9dc8bee251f2b95f259b5caeb85c7839478821542e2d9655ebe28ca0caf61b
  • Instruction ID: 4b9d7356d724918f7ab8a5236fd85b8e6f672976e1cc3c56297cb3a83194d34e
  • Opcode Fuzzy Hash: da9dc8bee251f2b95f259b5caeb85c7839478821542e2d9655ebe28ca0caf61b
  • Instruction Fuzzy Hash: 26212EB1900218DFCB15DF54DC44BDEB7B9FB89310F4083AAE81AA7690DB356A54CF50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 95%
			E00360CFD(signed int _a4) {
				signed int _t9;
				void* _t13;
				signed int _t15;
				WCHAR* _t22;
				signed int _t24;
				signed int* _t25;
				void* _t27;

				_t9 = _a4;
				_t25 = 0x422148 + _t9 * 4;
				_t24 =  *_t25;
				if(_t24 == 0) {
					_t22 =  *(0x3bb598 + _t9 * 4);
					_t27 = LoadLibraryExW(_t22, 0, 0x800);
					if(_t27 != 0) {
						L8:
						 *_t25 = _t27;
						if( *_t25 != 0) {
							FreeLibrary(_t27);
						}
						_t13 = _t27;
						L11:
						return _t13;
					}
					_t15 = GetLastError();
					if(_t15 != 0x57) {
						_t27 = 0;
					} else {
						_t15 = LoadLibraryExW(_t22, _t27, _t27);
						_t27 = _t15;
					}
					if(_t27 != 0) {
						goto L8;
					} else {
						 *_t25 = _t15 | 0xffffffff;
						_t13 = 0;
						goto L11;
					}
				}
				_t4 = _t24 + 1; // 0x48591884
				asm("sbb eax, eax");
				return  ~_t4 & _t24;
			}

APIs
  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,FFFFFFFF,00000000,00000000,?,00360CA4,FFFFFFFF,00000000,00000000,00000000,?,00360F82,00000006,FlsSetValue), ref: 00360D2F
  • GetLastError.KERNEL32(?,00360CA4,FFFFFFFF,00000000,00000000,00000000,?,00360F82,00000006,FlsSetValue,003BBA74,003BBA7C,00000000,00000364,?,00360A5F), ref: 00360D3B
  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00360CA4,FFFFFFFF,00000000,00000000,00000000,?,00360F82,00000006,FlsSetValue,003BBA74,003BBA7C,00000000), ref: 00360D49
Similarity
  • API ID: LibraryLoad$ErrorLast
  • String ID:
  • API String ID: 3177248105-0
  • Opcode ID: 6d99d4beb3d929752ffd558c3758308591801add968dcd9a1c08a66a1288a407
  • Instruction ID: 46ec9ab1ec47faf5ec58f482efc527083a0c1c48bc061efbda11cf05908b67ff
  • Opcode Fuzzy Hash: 6d99d4beb3d929752ffd558c3758308591801add968dcd9a1c08a66a1288a407
  • Instruction Fuzzy Hash: 25014736611722ABC7374BF8AC4AB677B5CAF047A0B254360F90AE3144DB20EC00C7E0
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ??0CListContainerElementUI@DuiLib@@QAE@XZ.DUILIB(48591883,00000000,00000000,00370E67,000000FF,?,001563BA), ref: 00156419
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 0015646D
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156480
  • ??0CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00156493
Similarity
  • API ID: Lib@@$String@$ContainerElementList
  • String ID:
  • API String ID: 1756005355-0
  • Opcode ID: 3ebf54e1e001594637da262163dce7ff9feaef8b3ee6353b83565bc3d6d4c373
  • Instruction ID: 92e43cf1bc8937f69877cd7a0cb45d8b9c2230e16b96e222d498ec84ff3bef23
  • Opcode Fuzzy Hash: 3ebf54e1e001594637da262163dce7ff9feaef8b3ee6353b83565bc3d6d4c373
  • Instruction Fuzzy Hash: A41107B4A0425ADFDB09DF88D858BBEBBB5FB48314F0446A9E825673C1CB751904CF54
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 25%
			E00155A40(intOrPtr __ecx, intOrPtr _a4, int* _a8, intOrPtr _a12, RECT** _a16) {
				intOrPtr _v8;
				intOrPtr _v12;

				_v8 = __ecx;
				if(_a4 == 0x113) {
					E00155CC0(_v8, _a4, _a8, _a12, _a16);
					 *_a16 = 0;
				}
				_v12 = _a4;
				if(_v12 == 0xc11) {
					InvalidateRect( *(_v8 + 4), 0, 1);
					__imp__?GetRoot@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@XZ();
					__imp__?NeedUpdate@CControlUI@DuiLib@@QAEXXZ();
					__imp__?NeedUpdate@CPaintManagerUI@DuiLib@@QAEXXZ();
				}
				 *_a16 = 0;
				return 0;
			}

APIs
    • Part of subcall function 00155CC0: ??0CDuiString@DuiLib@@QAE@XZ.DUILIB(48591883), ref: 00155CF7
    • Part of subcall function 00155CC0: ?Format@CDuiString@DuiLib@@QAAHPB_WZZ.DUILIB(?,003C32C8,?), ref: 00155D14
    • Part of subcall function 00155CC0: ??1CDuiString@DuiLib@@QAE@XZ.DUILIB ref: 00155D88
  • InvalidateRect.USER32(?,00000000,00000001), ref: 00155A8F
  • ?GetRoot@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@XZ.DUILIB ref: 00155A9B
  • ?NeedUpdate@CControlUI@DuiLib@@QAEXXZ.DUILIB ref: 00155AA3
  • ?NeedUpdate@CPaintManagerUI@DuiLib@@QAEXXZ.DUILIB ref: 00155AAF
Similarity
  • API ID: Lib@@$String@$ControlManagerNeedPaintUpdate@$Format@I@2@InvalidateRectRoot@
  • String ID:
  • API String ID: 3255911592-0
  • Opcode ID: d0d189616b24542b9fa61ef928251a4442f3bc9665cede7d2dc7d25b216c4494
  • Instruction ID: 33c42618deb1118a47d713b62d2201d2f771dad2a85c7f6d29423e341aac8444
  • Opcode Fuzzy Hash: d0d189616b24542b9fa61ef928251a4442f3bc9665cede7d2dc7d25b216c4494
  • Instruction Fuzzy Hash: 75012D74600209EFCB04DFA4D9A9BAE7BB5BB48301F148199FD069B390D7719E50DB50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 92%
			E0020BCF0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				char _v8;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				signed int _v36;
				char _v44;
				char _v68;
				intOrPtr _v72;
				char _v96;
				intOrPtr _v100;
				char _v108;
				char _v109;
				intOrPtr _v116;
				intOrPtr _v120;
				char _v124;
				char _v136;
				signed int _t105;
				signed int _t106;
				signed int _t123;
				void* _t143;
				void* _t145;
				char _t154;
				signed int _t155;
				intOrPtr* _t156;
				intOrPtr* _t157;
				void* _t161;
				intOrPtr* _t164;
				intOrPtr _t167;
				void* _t197;
				char _t200;
				intOrPtr* _t201;
				intOrPtr _t202;
				signed int _t206;

				_push(0xffffffff);
				_push(0x37adfe);
				_push( *[fs:0x0]);
				_t105 =  *0x414f64; // 0x48591883
				_t106 = _t105 ^ _t206;
				_v20 = _t106;
				_push(_t106);
				 *[fs:0x0] =  &_v16;
				_t197 = __ecx;
				if( *((intOrPtr*)(E0015EF30(__ecx))) > 0x3e8) {
					E00169EF0("Exceeded stackLimit in readValue().");
					_v8 = 0;
					E00206960();
				}
				if( *((char*)(_t197 + 0x6c)) == 0) {
					_t161 = _t197;
					E0020C070(_t161,  &_v124);
					_t154 = _v124;
					goto L7;
				} else {
					do {
						_t161 = _t197;
						E0020C070(_t161,  &_v124);
						_t154 = _v124;
					} while (_t154 == 0xc);
					L7:
					_t213 =  *((char*)(_t197 + 0x70));
					_v109 = 1;
					if( *((char*)(_t197 + 0x70)) != 0) {
						_t161 = _t197 + 0x54;
						_t143 = E001683C0(_t161, _t213);
						_t214 = _t143;
						if(_t143 == 0) {
							_t199 = E0020DE50(_t197, _t214);
							_t145 = E00167FB0(_t197 + 0x54);
							E00208DD0(_t154, E00169DB0(), _t145, 0);
							_t161 = _t197 + 0x54;
							_v8 = 1;
							E0015F910(_t161, 0);
							_v8 = 0xffffffff;
						}
					}
					_t155 = _t154 - 1;
					if(_t155 > 9) {
						L27:
						_push(_t161);
						_t156 = E00210240(E00210490(_t197, __eflags,  &_v32),  &_v136);
						_t164 =  *_t156;
						__eflags = _t164;
						if(_t164 != 0) {
							_t200 =  *_t164;
						} else {
							_t200 = 0;
						}
						_t167 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t200 + 4)) + E00168580(_t200,  *(_t156 + 8)) * 4)) + ( *(_t156 + 8) & 0x00000003) * 4));
						_push(_t167);
						 *((intOrPtr*)(_t167 + 0x10)) = _v120 -  *((intOrPtr*)(_t197 + 0x40));
						_t157 = E00210240(E00210490(_t197, __eflags,  &_v136),  &_v32);
						_t201 =  *_t157;
						__eflags = _t201;
						if(_t201 != 0) {
							_t201 =  *_t201;
						}
						_t123 = E00168580(_t201,  *(_t157 + 8));
						_t202 = _v116;
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t201 + 4)) + _t123 * 4)) + ( *(_t157 + 8) & 0x00000003) * 4)) + 0x14)) = _t202 -  *((intOrPtr*)(_t197 + 0x40));
						E00169EF0("Syntax error: value, object or array expected.");
						_v8 = 8;
						E0015ED50();
						_v8 = 9;
						asm("movq xmm0, [ebp-0x78]");
						asm("movq [ebp-0x68], xmm0");
						_v100 = _t202;
						E00191CD0( &_v96,  &_v68);
						_v72 = 0;
						E0020DEA0(_t197 + 0x14, __eflags,  &_v108);
						E00168720( &_v108);
						E0015FA10();
						__eflags = 0;
						goto L33;
					} else {
						switch( *((intOrPtr*)(_t155 * 4 +  &M0020C03C))) {
							case 0:
								E0020C6A0(_t155, _t197, _t197, _t199, _t215,  &_v124);
								goto L13;
							case 1:
								__eflags =  *((char*)(__edi + 0x6e));
								if(__eflags == 0) {
									goto L27;
								}
								 *((intOrPtr*)(__edi + 0x48)) =  *((intOrPtr*)(__edi + 0x48)) - 1;
								_v36 = _v36 & 0xfffffe00;
								_v32 = 0;
								_v28 = 0;
								_v24 = 0;
								__eax =  &_v44;
								_v8 = 7;
								__ecx = __edi;
								__ecx = E0020DE50(__edi, __eflags);
								__eax = E00207540(__eax,  &_v44);
								__esi =  *((intOrPtr*)(__edi + 0x48));
								__ecx = __edi;
								__esi =  *((intOrPtr*)(__edi + 0x48)) -  *((intOrPtr*)(__edi + 0x40));
								__esi =  *((intOrPtr*)(__edi + 0x48)) -  *((intOrPtr*)(__edi + 0x40)) - 1;
								__eflags = __esi;
								 *((intOrPtr*)(E0020DE50(__edi, __esi) + 0x10)) = __esi;
								__esi =  *((intOrPtr*)(__edi + 0x48));
								goto L23;
							case 2:
								__eax =  &_v124;
								__ecx = __edi;
								__eax = E0020CB30(__ebx, __ecx, __edi, __esi, __eflags,  &_v124);
								L13:
								 *((intOrPtr*)(E0020DE50(_t197, _t215) + 0x14)) =  *((intOrPtr*)(_t197 + 0x48)) -  *((intOrPtr*)(_t197 + 0x40));
								goto L24;
							case 3:
								__eax =  &_v124;
								__ecx = __edi;
								__eax = E0020D510(__ebx, __ecx, __edi, __esi, __eflags,  &_v124);
								goto L24;
							case 4:
								__eax =  &_v124;
								__ecx = __edi;
								__eax = E0020CE80(__ecx, __edx,  &_v124);
								goto L24;
							case 5:
								__ecx =  &_v44;
								__eax = E002071D0( &_v44, 1);
								_v8 = 2;
								goto L18;
							case 6:
								__ecx =  &_v44;
								__eax = E002071D0( &_v44, 0);
								_v8 = 3;
								goto L18;
							case 7:
								_v36 = _v36 & 0xfffffe00;
								_v32 = 0;
								_v28 = 0;
								_v24 = 0;
								_v8 = 5;
								L18:
								__eax =  &_v44;
								__ecx = __edi;
								__ecx = E0020DE50(__edi, __eflags);
								__eax = E00207540(__eax,  &_v44);
								__esi = _v120;
								__ecx = __edi;
								__esi = _v120 -  *((intOrPtr*)(__edi + 0x40));
								 *((intOrPtr*)(E0020DE50(__edi, __eflags) + 0x10)) = _v120 -  *((intOrPtr*)(__edi + 0x40));
								__esi = _v116;
								L23:
								__esi = __esi -  *((intOrPtr*)(__edi + 0x40));
								__eflags = __esi;
								__ecx = __edi;
								__eax = E0020DE50(__edi, __esi);
								__ecx =  &_v44;
								_v8 = 0xffffffff;
								 *((intOrPtr*)(__eax + 0x14)) = __esi;
								__eax = E002073E0(__ecx);
								L24:
								_t216 =  *((char*)(_t197 + 0x70));
								if( *((char*)(_t197 + 0x70)) != 0) {
									 *((intOrPtr*)(_t197 + 0x4c)) =  *((intOrPtr*)(_t197 + 0x48));
									 *((intOrPtr*)(_t197 + 0x50)) = E0020DE50(_t197, _t216);
								}
								L33:
								 *[fs:0x0] = _v16;
								return E00344CC8(_v20 ^ _t206);
						}
					}
				}
			}

APIs
  • std::_Container_base12::~_Container_base12.LIBCPMTD ref: 0020BDA0
    • Part of subcall function 00206960: __CxxThrowException@8.LIBVCRUNTIME ref: 002069BB
    • Part of subcall function 00206960: std::exception::exception.LIBCMTD ref: 002069FE
Strings
  • Syntax error: value, object or array expected., xrefs: 0020BFB2
  • Exceeded stackLimit in readValue()., xrefs: 0020BD2A
Similarity
  • API ID: Container_base12Container_base12::~_Exception@8Throwstd::_std::exception::exception
  • String ID: Exceeded stackLimit in readValue().$Syntax error: value, object or array expected.
  • API String ID: 25014551-359489996
  • Opcode ID: ee3464964645628c2e8c51702f19a3e0e513b2158425a092a74edb8923581829
  • Instruction ID: 61ddcf545d858441b4dd2823797173e92dd13fcbdcffc4eac24ebb820a951e0d
  • Opcode Fuzzy Hash: ee3464964645628c2e8c51702f19a3e0e513b2158425a092a74edb8923581829
  • Instruction Fuzzy Hash: FEA18C70A20319DBCF15EFA4C899BEEBBB5BF54310F140259E4016B6C2DB74AA64CF90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 93%
			E0036A2B3(void* __ecx, signed int _a4, intOrPtr _a8) {
				int _v8;
				void* __esi;
				int _t15;
				int _t16;
				signed int _t17;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t36;

				_push(__ecx);
				_t23 = _a4;
				_push(_t34);
				if(_t23 == 0) {
					L21:
					_t15 = E00360FB4(_t23, _t34, __eflags, _a8 + 0x250, 0x20001004,  &_v8, 2);
					__eflags = _t15;
					if(_t15 != 0) {
						_t16 = _v8;
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = GetACP();
						}
						L25:
						return _t16;
					}
					L22:
					_t16 = 0;
					goto L25;
				}
				_t17 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t34 = 0x3bcf60;
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t34) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t17;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t36 = 0x3bcf68;
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t36) {
								break;
							}
							if(_t31 == 0) {
								L17:
								_t48 = _t17;
								if(_t17 != 0) {
									_t16 = E0034D449(_t23, _t23);
									goto L25;
								}
								if(E00360FB4(_t23, _t36, _t48, _a8 + 0x250, 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t16 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t36 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t36 = _t36 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t17 = _t17 | 0x00000001;
						__eflags = _t17;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t34 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t34 = _t34 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				__eflags = _t26;
				goto L9;
			}

APIs
  • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,0036A50E,?,00000050,?,?,?,?,?), ref: 0036A38E
Strings
Similarity
  • API ID:
  • String ID: ACP$OCP
  • API String ID: 0-711371036
  • Opcode ID: df38c426aa496894e430af9a6976b5fc4f63e2accc81c621e083bcd1e6afacb1
  • Instruction ID: b32e96c23f0defea394f6c0b53bcaa55f5e59e9e3c89a790dbc184f00c3b5ccc
  • Opcode Fuzzy Hash: df38c426aa496894e430af9a6976b5fc4f63e2accc81c621e083bcd1e6afacb1
  • Instruction Fuzzy Hash: A521A76AA44900A6D7378B54C901BAB739AEB54F54F67C464E909F7308F732DD40CB52
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 57%
			E0019E450(intOrPtr __ecx, void* __edi, void* _a4) {
				char _v8;
				char _v16;
				signed int _v20;
				char _v219;
				char _v220;
				struct _SYSTEMTIME _v236;
				char _v260;
				intOrPtr _v264;
				signed int _v268;
				intOrPtr _v272;
				intOrPtr _v276;
				signed int _t42;
				signed int _t43;
				signed int _t82;

				_push(0xffffffff);
				_push(0x375bab);
				_push( *[fs:0x0]);
				_t42 =  *0x414f64; // 0x48591883
				_t43 = _t42 ^ _t82;
				_v20 = _t43;
				_push(_t43);
				 *[fs:0x0] =  &_v16;
				_v276 = __ecx;
				_v268 = 0;
				E0015ED50();
				_v8 = 0;
				_v236.wYear = 0;
				_v236.wMonth = 0;
				_v236.wDay = 0;
				_v236.wMinute = 0;
				_v236.wMilliseconds = 0;
				GetLocalTime( &_v236);
				_v220 = 0;
				E00349980(__edi,  &_v219, 0, 0xc7);
				_push(_v236.wMilliseconds & 0x0000ffff);
				_push(_v236.wSecond & 0x0000ffff);
				_push(_v236.wMinute & 0x0000ffff);
				_push(_v236.wHour & 0x0000ffff);
				_push(_v236.wDay & 0x0000ffff);
				_push(_v236.wMonth & 0x0000ffff);
				_v272 = E001922B0( &_v220, "%d_%02d_%02d_%02d_%02d_%02d_%03d", _v236.wYear & 0x0000ffff);
				_v264 = _v272;
				if(_v264 >= 0xc8) {
					E0034542E();
				}
				 *((char*)(_t82 + _v264 - 0xd8)) = 0;
				E00167FD0( &_v260,  &_v220);
				E00168980( &_v260);
				_v268 = _v268 | 0x00000001;
				_v8 = 0xffffffff;
				E0015FA10();
				 *[fs:0x0] = _v16;
				return E00344CC8(_v20 ^ _t82);
			}

APIs
  • GetLocalTime.KERNEL32(?), ref: 0019E4C8
  • _fwprintf.LIBCONCRTD ref: 0019E52F
    • Part of subcall function 001922B0: _fread.LIBCMTD ref: 001922CF
Strings
  • %d_%02d_%02d_%02d_%02d_%02d_%03d, xrefs: 0019E523
Similarity
  • API ID: LocalTime_fread_fwprintf
  • String ID: %d_%02d_%02d_%02d_%02d_%02d_%03d
  • API String ID: 3263972824-3726609935
  • Opcode ID: ddbff3b406b824ecd456f44c31f6416487c6e3efbe3a2f5489a78170470295e5
  • Instruction ID: e89ba10d5da0924fafe2915137b0ee6f368ec9ad377c54d069216669f41151ea
  • Opcode Fuzzy Hash: ddbff3b406b824ecd456f44c31f6416487c6e3efbe3a2f5489a78170470295e5
  • Instruction Fuzzy Hash: 89411DB19142689ACB25DF54DC81BEDB7B4BB58700F0085EAE55EA7280EBB41AC4CF64
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 96%
			E003623BC(void* __eflags, intOrPtr* _a4) {
				void* _t14;
				void* _t16;
				intOrPtr _t19;
				intOrPtr _t25;
				intOrPtr _t34;
				intOrPtr* _t37;
				intOrPtr* _t38;

				_t38 = _a4;
				if(E0036DBD9(E0035D2AC(_t38)) != 0) {
					_t14 = E0034D78F(1);
					_t25 = 2;
					if(_t38 != _t14) {
						if(_t38 != E0034D78F(_t25)) {
							L12:
							_t16 = 0;
							L13:
							return _t16;
						}
						_t37 = 0x42242c;
						L6:
						 *0x421d78 =  *0x421d78 + 1;
						_t31 = _t38 + 0xc;
						if(( *(_t38 + 0xc) & 0x000004c0) != 0) {
							goto L12;
						}
						asm("lock or [ecx], eax");
						_t19 =  *_t37;
						if(_t19 != 0) {
							L10:
							 *((intOrPtr*)(_t38 + 4)) = _t19;
							 *_t38 =  *_t37;
							 *((intOrPtr*)(_t38 + 8)) = 0x1000;
							 *((intOrPtr*)(_t38 + 0x18)) = 0x1000;
							L11:
							_t16 = 1;
							goto L13;
						}
						 *_t37 = E003600B9(_t31, 0x1000);
						E00360415(0);
						_t19 =  *_t37;
						if(_t19 != 0) {
							goto L10;
						}
						_t34 = _t38 + 0x14;
						 *((intOrPtr*)(_t38 + 8)) = _t25;
						 *((intOrPtr*)(_t38 + 4)) = _t34;
						 *_t38 = _t34;
						 *((intOrPtr*)(_t38 + 0x18)) = _t25;
						goto L11;
					}
					_t37 = 0x422428;
					goto L6;
				}
				return 0;
			}

APIs
Strings
Similarity
  • API ID: _free
  • String ID: ($B$,$B
  • API String ID: 269201875-2819465851
  • Opcode ID: fafd79a8656d250e4c6c8216f5c2ce0543f51835ba07c70f6742066791b655a8
  • Instruction ID: 4473ad3181760cabce5fe77e88e82e2f693de58844343168910ef7a4dffdf614
  • Opcode Fuzzy Hash: fafd79a8656d250e4c6c8216f5c2ce0543f51835ba07c70f6742066791b655a8
  • Instruction Fuzzy Hash: 6B110331200B129FD723AF2AD881B53B7E8EF14754F32C42EE4898B645EF70E8858750
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 16%
			E00159F10(intOrPtr __ecx, intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _t25;

				_v8 = __ecx;
				_v12 = 0;
				_t25 = _v8;
				if( *((intOrPtr*)(_t25 + 0xabc)) == 0) {
					__imp__?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z(_v8, L"device_profile_name_edit");
					 *((intOrPtr*)(_v8 + 0xabc)) = _t25;
				}
				if( *((intOrPtr*)(_v8 + 0xabc)) != 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xabc)))) + 0x28))))(_a4);
					_v12 = _v12 | 0x00000001;
					return _a4;
				} else {
					__imp__??0CDuiString@DuiLib@@QAE@PB_WH@Z(0x3c4508, 0xffffffff);
					_v12 = _v12 | 0x00000001;
					return _a4;
				}
			}

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_profile_name_edit), ref: 00159F3B
  • ??0CDuiString@DuiLib@@QAE@PB_WH@Z.DUILIB(003C4508,000000FF), ref: 00159F60
Strings
  • device_profile_name_edit, xrefs: 00159F2C
Similarity
  • API ID: ControlLib@@$FindI@2@ManagerName@PaintString@V32@
  • String ID: device_profile_name_edit
  • API String ID: 1777435973-3390206897
  • Opcode ID: 60ce7bf6cf3724d2f8b7a0fc1b18ca6bd2a8201e4c35862f1775a6d85e66054f
  • Instruction ID: f4819ad408f5662c1c5e5435fc6003a3fc52d64dd4284d13cc2b9a8c99051c5b
  • Opcode Fuzzy Hash: 60ce7bf6cf3724d2f8b7a0fc1b18ca6bd2a8201e4c35862f1775a6d85e66054f
  • Instruction Fuzzy Hash: 3111C075A04208EFCB04CF94D595E9DBBB1FB49315F2042ADE819AB791C731AE81DF41
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(48591883,light_combo_modeSelect), ref: 00163DC2
  • ?SelectItem1@CComboUI@DuiLib@@QAE_NH_N0@Z.DUILIB(?,00000000,00000000), ref: 00163DF0
Strings
Similarity
  • API ID: ControlLib@@$ComboFindI@2@Item1@ManagerName@PaintSelectV32@
  • String ID: light_combo_modeSelect
  • API String ID: 736304933-23379220
  • Opcode ID: f1b9804bf72b1ff6edab6aaeb520143184b1d2abc41e3681f431e99d8fb39999
  • Instruction ID: a115326e3cda3c0e9cc583d0824ac6160b0b441e85e0bc0042682c9c04475f25
  • Opcode Fuzzy Hash: f1b9804bf72b1ff6edab6aaeb520143184b1d2abc41e3681f431e99d8fb39999
  • Instruction Fuzzy Hash: CD01DA75A04108EFCB04CB85D955FAAB7F6BB48300F2581A9E549AB291CB326F50DF94
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_Color_Pallet), ref: 001645F2
  • ?SetSelectColor@CColorPaletteUI@DuiLib@@QAEXK@Z.DUILIB(00163D09), ref: 0016461C
    • Part of subcall function 00164840: ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_colordp_btn,?,?,0016462E,00163D09), ref: 00164862
Strings
Similarity
  • API ID: Control$Lib@@$FindI@2@ManagerName@PaintV32@$ColorColor@PaletteSelect
  • String ID: deng_Color_Pallet
  • API String ID: 2232652488-3263622946
  • Opcode ID: 91a6792d17ab8da5c063fc52b6891d8e90763415b94fc1deed30383c9ff55ce3
  • Instruction ID: 2884118810bdc86dba8818b39566ca2838f552fcd937c81e1fb8131946149aef
  • Opcode Fuzzy Hash: 91a6792d17ab8da5c063fc52b6891d8e90763415b94fc1deed30383c9ff55ce3
  • Instruction Fuzzy Hash: B2F0EC74A04108EFCB04CF85D995AEDB7FAFB49300F2582A9E5099B351CF326E91DB94
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,light_combo_ZZCCmodeSelect), ref: 00164262
  • ?SelectItem1@CComboUI@DuiLib@@QAE_NH_N0@Z.DUILIB(?,00000000,00000000), ref: 00164290
Strings
  • light_combo_ZZCCmodeSelect, xrefs: 00164253
Similarity
  • API ID: ControlLib@@$ComboFindI@2@Item1@ManagerName@PaintSelectV32@
  • String ID: light_combo_ZZCCmodeSelect
  • API String ID: 736304933-3703405831
  • Opcode ID: 8d3ea1e36ede0f9d8a9b53b0efa7e87dfc03331260cc6889fe884c431cf13843
  • Instruction ID: 151903179cbaa8e99bb17edddc659b3bc445ef79b27d073e3ab36321235e2d25
  • Opcode Fuzzy Hash: 8d3ea1e36ede0f9d8a9b53b0efa7e87dfc03331260cc6889fe884c431cf13843
  • Instruction Fuzzy Hash: D3F0FF74A04108FFDB04CF48D994BAAB7F6FB44300F2441ADE5455B740CB716E81DB95
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?Activate@CControlUI@DuiLib@@UAE_NXZ.DUILIB ref: 0015701A
  • ?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z.DUILIB(?,selectchanged,00000000,00000000,00000000), ref: 00157049
Strings
Similarity
  • API ID: ControlLib@@$Activate@I@2@ManagerNotify@PaintSend
  • String ID: selectchanged
  • API String ID: 1828713822-2798667412
  • Opcode ID: 49806237fe99b48a6de3172b996b27c2ac861cd1623e8faa23567e717573abe3
  • Instruction ID: 6f6f03d05edbec38d7b17588bdde24843a679ac3a2a1cc2218b055898f9beb54
  • Opcode Fuzzy Hash: 49806237fe99b48a6de3172b996b27c2ac861cd1623e8faa23567e717573abe3
  • Instruction Fuzzy Hash: 40F0A970604208FBCB14CB40ED4ABB9B3B9AB45701F200188FD09AB2D1EB32AE05EB10
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(48591883,deng_speed_slider), ref: 00164042
  • ?SetValue@CSliderUI@DuiLib@@QAEXH@Z.DUILIB(?), ref: 0016406C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@$FindI@2@ManagerName@PaintSliderV32@Value@
  • String ID: deng_speed_slider
  • API String ID: 1890132037-2437465925
  • Opcode ID: 13c8baf5aca9140b1c5e1cb84837d4824e59bc7d2804e27637575303bb8c6aba
  • Instruction ID: 8cb5a1bcccd9447f5163e6e794556d9b253c14f384b7402d6104312e76bdbdd8
  • Opcode Fuzzy Hash: 13c8baf5aca9140b1c5e1cb84837d4824e59bc7d2804e27637575303bb8c6aba
  • Instruction Fuzzy Hash: 57F0D074904208EFCB08CF94DA45BE9B7FAFB48300F2452A9E6099B355CB31AE51DB84
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,deng_colordp_btn,?,?,0016462E,00163D09), ref: 00164862
  • ?SetBkColor@CControlUI@DuiLib@@QAEXK@Z.DUILIB(00163D09,?,?,0016462E,00163D09), ref: 0016488C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Control$Lib@@$Color@FindI@2@ManagerName@PaintV32@
  • String ID: deng_colordp_btn
  • API String ID: 1279425795-2017018138
  • Opcode ID: 15ce60dc508ea8b7f0a6dc038e28ceb271a4c9d83e638a58da73c6a0d6a7ab2d
  • Instruction ID: 17c9659983edf8ec53089a53f1c844e89db2de999ca4cf76acc6a2b1726922c4
  • Opcode Fuzzy Hash: 15ce60dc508ea8b7f0a6dc038e28ceb271a4c9d83e638a58da73c6a0d6a7ab2d
  • Instruction Fuzzy Hash: AFF0A474A08108EFCB04CF95D954BA9B7FABB58300F2482ADE50A9B345CB31AE51DF84
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?Activate@CControlUI@DuiLib@@UAE_NXZ.DUILIB ref: 0015619A
  • ?SendNotify@CPaintManagerUI@DuiLib@@QAEXPAVCControlUI@2@PB_WIJ_N@Z.DUILIB(?,itemactivate,00000000,00000000,00000000), ref: 001561C9
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@$Activate@I@2@ManagerNotify@PaintSend
  • String ID: itemactivate
  • API String ID: 1828713822-3379807108
  • Opcode ID: 630cd451821568df396dba41cf56a9af39fed7ed6db524825ca2d332c57f5db8
  • Instruction ID: 1e3e34901e7d87942f46336a40a43ccae032598058c5f30f8e5d3040850d595f
  • Opcode Fuzzy Hash: 630cd451821568df396dba41cf56a9af39fed7ed6db524825ca2d332c57f5db8
  • Instruction Fuzzy Hash: 22F0A030600208FBDB15DB40DD46BBCB3B8AB84301F200189ED099B291DB72AE05EB94
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_select), ref: 00157E42
  • ?SetGroup@COptionUI@DuiLib@@QAEXPB_W@Z.DUILIB(?), ref: 00157E6C
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@$FindGroup@I@2@ManagerName@OptionPaintV32@
  • String ID: device_select
  • API String ID: 2031621041-2564987867
  • Opcode ID: bc2b796c23060235cd916796f948713e1ba1376f891fe1438e62b9595639fa0a
  • Instruction ID: e38e304393ed73d76c472e17c247808dc220b5ab5ca5f67b77c75100a12a7ba7
  • Opcode Fuzzy Hash: bc2b796c23060235cd916796f948713e1ba1376f891fe1438e62b9595639fa0a
  • Instruction Fuzzy Hash: 4FF0FF74508208EFC704CF54D545AADB7F5FB48301F2481EDE9195B241DB319E41DF80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(48591883,deng_light_slider), ref: 00163F82
  • ?SetValue@CSliderUI@DuiLib@@QAEXH@Z.DUILIB(?), ref: 00163FAC
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@$FindI@2@ManagerName@PaintSliderV32@Value@
  • String ID: deng_light_slider
  • API String ID: 1890132037-3011398087
  • Opcode ID: a09982a395c5490dbf6ef910ef56526420cc50d8c1906dfe47b85c4c14253bbc
  • Instruction ID: fb83379b192cfe5f25cc6314c150738a4b630865a22455793a98ebd36bf6c56c
  • Opcode Fuzzy Hash: a09982a395c5490dbf6ef910ef56526420cc50d8c1906dfe47b85c4c14253bbc
  • Instruction Fuzzy Hash: 44F0BD74908208EFC704DF94D944BA9B7FABB48301F2442E9E54997345CB32AE51DF91
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,synchro_device_select), ref: 00157332
  • ?IsSelected@COptionUI@DuiLib@@QBE_NXZ.DUILIB ref: 0015735A
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@$FindI@2@ManagerName@OptionPaintSelected@V32@
  • String ID: synchro_device_select
  • API String ID: 1895466666-3935942751
  • Opcode ID: eb1a1f03e2667a3a53edeb992b6e233e1217727f75aef0eaaefcc314edeef43d
  • Instruction ID: b128a1ac0c225333fc9e5ed5fde40d29af1e4cf367ca9dfbf1afd687c1316784
  • Opcode Fuzzy Hash: eb1a1f03e2667a3a53edeb992b6e233e1217727f75aef0eaaefcc314edeef43d
  • Instruction Fuzzy Hash: 4EF0D074909208EFCB04CF54D645FA9B7F6FB44711F2852E9D8095B355DB31AE44EB80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?FindSubControlByName@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PAV32@PB_W@Z.DUILIB(?,device_select), ref: 00157402
  • ?IsSelected@COptionUI@DuiLib@@QBE_NXZ.DUILIB ref: 0015742A
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ControlLib@@$FindI@2@ManagerName@OptionPaintSelected@V32@
  • String ID: device_select
  • API String ID: 1895466666-2564987867
  • Opcode ID: 24d32c5266c1daf7a2f29771f6e6d6af3adf6693cc620f11d7864ea91b6c1d35
  • Instruction ID: 583c27a3ebce1ac0d5328a8c3a15a140d0b0fd8d2046ad4d7287606f6ddfd912
  • Opcode Fuzzy Hash: 24d32c5266c1daf7a2f29771f6e6d6af3adf6693cc620f11d7864ea91b6c1d35
  • Instruction Fuzzy Hash: 35F0BD74A08208EFCB04CB94E545AA9B7F6BB48311F2481E9D8195B255CB319E45DF80
Uniqueness

Uniqueness Score: -1.00%

APIs
  • ?CompareNoCase@CDuiString@DuiLib@@QBEHPB_W@Z.DUILIB(windowinit), ref: 00155ADF
  • ?Notify@WindowImplBase@DuiLib@@UAEXAAUtagTNotifyUI@2@@Z.DUILIB(?), ref: 00155AEC
Strings
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: Lib@@$Base@Case@CompareI@2@@ImplNotifyNotify@String@UtagWindow
  • String ID: windowinit
  • API String ID: 4095636171-3894911279
  • Opcode ID: 1eaf6b912fddcbf453587875217ee951ccbb1a59a62ecd4f527258fae6e0de76
  • Instruction ID: 5ab0bce81fd9a444b8e9946f7bb86bb74de685e5f425d60617cd62ec865b3daf
  • Opcode Fuzzy Hash: 1eaf6b912fddcbf453587875217ee951ccbb1a59a62ecd4f527258fae6e0de76
  • Instruction Fuzzy Hash: EDD05EB050820CFBCB04CF84DC4EDA9BBACEB04300B008099F80583350CA316E00CBA0
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			E0036488E(void* __edx, short* _a4, char* _a8, int _a12, intOrPtr _a16) {
				char* _v8;
				int _v12;
				char _v16;
				char _v24;
				char _v28;
				void* __ebx;
				char _t34;
				int _t35;
				int _t38;
				long _t39;
				char* _t42;
				int _t44;
				int _t47;
				int _t53;
				intOrPtr _t55;
				void* _t56;
				char* _t57;
				char* _t62;
				char* _t63;
				void* _t64;
				int _t65;
				short* _t67;
				short* _t68;
				int _t69;
				intOrPtr* _t70;

				_t64 = __edx;
				_t53 = _a12;
				_t67 = _a4;
				_t68 = 0;
				if(_t67 == 0) {
					L3:
					if(_a8 != _t68) {
						E0034D2FA(_t53,  &_v28, _t64, _a16);
						_t34 = _v24;
						__eflags = _t67;
						if(_t67 == 0) {
							__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
							if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
								_t69 = _t68 | 0xffffffff;
								_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t68, _t68);
								__eflags = _t35;
								if(_t35 != 0) {
									L29:
									_t28 = _t35 - 1; // -1
									_t69 = _t28;
									L30:
									__eflags = _v16;
									if(_v16 != 0) {
										_t55 = _v28;
										_t31 = _t55 + 0x350;
										 *_t31 =  *(_t55 + 0x350) & 0xfffffffd;
										__eflags =  *_t31;
									}
									return _t69;
								}
								 *((intOrPtr*)(E0035013D())) = 0x2a;
								goto L30;
							}
							_t70 = _a8;
							_t25 = _t70 + 1; // 0x1
							_t56 = _t25;
							do {
								_t38 =  *_t70;
								_t70 = _t70 + 1;
								__eflags = _t38;
							} while (_t38 != 0);
							_t69 = _t70 - _t56;
							goto L30;
						}
						__eflags =  *((intOrPtr*)(_t34 + 0xa8)) - _t68;
						if( *((intOrPtr*)(_t34 + 0xa8)) != _t68) {
							_t69 = _t68 | 0xffffffff;
							_t35 = MultiByteToWideChar( *(_t34 + 8), 9, _a8, _t69, _t67, _t53);
							__eflags = _t35;
							if(_t35 != 0) {
								goto L29;
							}
							_t39 = GetLastError();
							__eflags = _t39 - 0x7a;
							if(_t39 != 0x7a) {
								L21:
								 *((intOrPtr*)(E0035013D())) = 0x2a;
								 *_t67 = 0;
								goto L30;
							}
							_t42 = _a8;
							_t57 = _t42;
							_v8 = _t57;
							_t65 = _t53;
							__eflags = _t53;
							if(_t53 == 0) {
								L20:
								_t44 = MultiByteToWideChar( *(_v24 + 8), 1, _t42, _t57 - _t42, _t67, _t53);
								__eflags = _t44;
								if(_t44 != 0) {
									_t69 = _t44;
									goto L30;
								}
								goto L21;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								_t45 =  *_t57;
								_v12 = _t65 - 1;
								__eflags =  *_t57;
								if(__eflags == 0) {
									break;
								}
								_t47 = E00356F0A(__eflags, _t45 & 0x000000ff,  &_v24);
								_t62 = _v8;
								__eflags = _t47;
								if(_t47 == 0) {
									L18:
									_t65 = _v12;
									_t57 = _t62 + 1;
									_v8 = _t57;
									__eflags = _t65;
									if(_t65 != 0) {
										continue;
									}
									break;
								}
								_t62 = _t62 + 1;
								__eflags =  *_t62;
								if( *_t62 == 0) {
									goto L21;
								}
								goto L18;
							}
							_t42 = _a8;
							goto L20;
						}
						__eflags = _t53;
						if(_t53 == 0) {
							goto L30;
						}
						_t63 = _a8;
						while(1) {
							 *_t67 =  *(_t68 + _t63) & 0x000000ff;
							__eflags =  *(_t68 + _t63);
							if( *(_t68 + _t63) == 0) {
								goto L30;
							}
							_t68 =  &(_t68[0]);
							_t67 =  &(_t67[1]);
							__eflags = _t68 - _t53;
							if(_t68 < _t53) {
								continue;
							}
							goto L30;
						}
						goto L30;
					}
					 *((intOrPtr*)(E0035013D())) = 0x16;
					return E0034D667() | 0xffffffff;
				}
				if(_t53 != 0) {
					 *_t67 = 0;
					goto L3;
				}
				return 0;
			}

APIs
  • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?), ref: 00364924
  • GetLastError.KERNEL32 ref: 00364932
  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000), ref: 0036498D
Memory Dump Source
  • Source File: 00000000.00000002.642577313.0000000000151000.00000020.00000001.01000000.00000003.sdmp, Offset: 00150000, based on PE: true
  • Associated: 00000000.00000002.642573071.0000000000150000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642907417.0000000000389000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642912500.000000000038B000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.642995843.0000000000414000.00000004.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643004679.0000000000415000.00000008.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643018366.000000000042A000.00000002.00000001.01000000.00000003.sdmp
  • Associated: 00000000.00000002.643034427.0000000000446000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_150000_SecuriteInfo.jbxd
Similarity
  • API ID: ByteCharMultiWide$ErrorLast
  • String ID:
  • API String ID: 1717984340-0
  • Opcode ID: e61db729a95fa273f0468945564b9f173c7d2af52c7502eae26e5ef8e8c24f02
  • Instruction ID: 00ebbff614d1698f7e3be74d87cd9210d7a3974c8fc371efb45a7f007fb54bb4
  • Opcode Fuzzy Hash: e61db729a95fa273f0468945564b9f173c7d2af52c7502eae26e5ef8e8c24f02
  • Instruction Fuzzy Hash: 7641E234A40256AFCF238F64D844BBB7BF9EF01360F16C1A9E8599B2A8DB318D01C750
Uniqueness

Uniqueness Score: -1.00%