Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report CL-Eye-Driver-5.3.0.0341-Emuline.exe

Overview

General Information

Sample Name:CL-Eye-Driver-5.3.0.0341-Emuline.exe
Analysis ID:343519
MD5:64112c1df0d80d195d006da9c15bf710
SHA1:f0bfbc32171ecfb03614470b9c06ef34c07e66b0
SHA256:29cbd9d9bc6571d15d6a2b29dd2532fe6c7fb81d255778deb40f64dc79502bf5

Most interesting Screenshot:

Detection

Score:20
Range:0 - 100
Whitelisted:false
Confidence:40%

Compliance

Score:17
Range:0 - 100

Signatures

Uses cmd line tools excessively to alter registry or file data
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the driver directory
Creates files inside the system directory
DLL planting / hijacking vulnerabilities found
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
EXE planting / hijacking vulnerabilities found
Enables driver privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains strange resources
Queries device information via Setup API
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior



Startup

  • System is w10x64
  • CL-Eye-Driver-5.3.0.0341-Emuline.exe (PID: 6764 cmdline: 'C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe' -install MD5: 64112C1DF0D80D195D006DA9C15BF710)
    • CertMgr.exe (PID: 2108 cmdline: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nst827B.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisher MD5: 1444BCFEFF029BB1E9B1CA3B896CD143)
      • conhost.exe (PID: 3660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wdreg.exe (PID: 6536 cmdline: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat install MD5: D0047E39B0DFD11EC2A50E2A45C2D9BE)
      • conhost.exe (PID: 4240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • regsvr32.exe (PID: 4768 cmdline: regsvr32 /s PS3EyeAxFilter.ax MD5: 426E7499F6A7346F0410DEAD0805586B)
  • CL-Eye-Driver-5.3.0.0341-Emuline.exe (PID: 6852 cmdline: 'C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe' /install MD5: 64112C1DF0D80D195D006DA9C15BF710)
    • rundll32.exe (PID: 6484 cmdline: rundll32 C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CLEyeCleaner.dll,Clean MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • wdreg.exe (PID: 6752 cmdline: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstall MD5: D0047E39B0DFD11EC2A50E2A45C2D9BE)
      • conhost.exe (PID: 6828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • regsvr32.exe (PID: 6824 cmdline: regsvr32 /s /u PS3EyeAxFilter.ax MD5: 426E7499F6A7346F0410DEAD0805586B)
    • CertMgr.exe (PID: 4620 cmdline: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisher MD5: 1444BCFEFF029BB1E9B1CA3B896CD143)
      • conhost.exe (PID: 5052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wdreg.exe (PID: 5728 cmdline: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat install MD5: D0047E39B0DFD11EC2A50E2A45C2D9BE)
      • conhost.exe (PID: 4692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • regsvr32.exe (PID: 5156 cmdline: regsvr32 /s PS3EyeAxFilter.ax MD5: 426E7499F6A7346F0410DEAD0805586B)
  • CL-Eye-Driver-5.3.0.0341-Emuline.exe (PID: 6916 cmdline: 'C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe' /load MD5: 64112C1DF0D80D195D006DA9C15BF710)
    • rundll32.exe (PID: 6684 cmdline: rundll32 C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CLEyeCleaner.dll,Clean MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • wdreg.exe (PID: 6912 cmdline: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstall MD5: D0047E39B0DFD11EC2A50E2A45C2D9BE)
      • conhost.exe (PID: 6928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • regsvr32.exe (PID: 5792 cmdline: regsvr32 /s /u PS3EyeAxFilter.ax MD5: 426E7499F6A7346F0410DEAD0805586B)
    • CertMgr.exe (PID: 5952 cmdline: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisher MD5: 1444BCFEFF029BB1E9B1CA3B896CD143)
      • conhost.exe (PID: 5740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wdreg.exe (PID: 6500 cmdline: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat install MD5: D0047E39B0DFD11EC2A50E2A45C2D9BE)
      • conhost.exe (PID: 7048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • regsvr32.exe (PID: 6448 cmdline: regsvr32 /s PS3EyeAxFilter.ax MD5: 426E7499F6A7346F0410DEAD0805586B)
  • drvinst.exe (PID: 6668 cmdline: DrvInst.exe '4' '0' 'C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001AC' 'WinSta0\Default' '00000000000001B0' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver' MD5: 46F5A16FA391AB6EA97C602B4D2E7819)
  • drvinst.exe (PID: 7040 cmdline: DrvInst.exe '4' '20' 'C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001AC' 'WinSta0\Default' '00000000000001B0' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver' MD5: 46F5A16FA391AB6EA97C602B4D2E7819)
  • drvinst.exe (PID: 7104 cmdline: DrvInst.exe '4' '20' 'C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001D0' 'WinSta0\Default' '00000000000001D8' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver' MD5: 46F5A16FA391AB6EA97C602B4D2E7819)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00467E7F HeapSetInformation,LoadStringW,LoadStringW,LoadStringW,LoadStringA,LoadStringW,LoadStringW,LoadStringW,CryptUIDlgCertMgr,CryptMsgClose,CertCloseStore,7_2_00467E7F
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_0046644E CryptMsgGetParam,printf,printf,printf,CryptMsgGetAndVerifySigner,CertFreeCertificateContext,7_2_0046644E
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00461A5B strtok,strtok,strtok,SetLastError,CryptEncodeObject,CryptEncodeObject,CryptEncodeObject,CertEnumCertificatesInStore,CertEnumCertificatesInStore,CertSetCertificateContextProperty,CertSetCertificateContextProperty,CertSetCertificateContextProperty,CertEnumCertificatesInStore,CertFreeCertificateContext,7_2_00461A5B
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00468163 CryptFindOIDInfo,7_2_00468163
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00462B61 CryptDecodeObject,printf,7_2_00462B61
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00463272 CryptFindOIDInfo,7_2_00463272
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00463C7E CryptSIPRetrieveSubjectGuid,CryptSIPLoad,memset,CertOpenStore,CryptMsgOpenToDecode,CertCloseStore,CryptMsgUpdate,CertCloseStore,CryptMsgClose,7_2_00463C7E
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_004682C8 CryptDecodeObject,CryptDecodeObject,CryptDecodeObject,7_2_004682C8
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00465CD6 printf,CertGetCertificateContextProperty,CertGetCertificateContextProperty,CertGetCertificateContextProperty,CryptAcquireContextA,CryptHashPublicKeyInfo,CryptReleaseContext,CertGetCertificateContextProperty,CertGetCertificateContextProperty,printf,printf,printf,CertGetPublicKeyLength,printf,printf,printf,7_2_00465CD6
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_004681D0 printf,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,7_2_004681D0
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_004622DB CryptStringToBinaryA,CryptStringToBinaryA,GetLastError,CryptStringToBinaryA,GetLastError,7_2_004622DB
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00462FF4 CryptDecodeObject,printf,printf,printf,7_2_00462FF4
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_004617F3 GetModuleHandleA,CryptInitOIDFunctionSet,CryptInstallOIDFunctionAddress,7_2_004617F3
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00462BFA CryptDecodeObject,printf,7_2_00462BFA
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00462390 CryptStringToBinaryW,CryptStringToBinaryW,GetLastError,CryptStringToBinaryW,GetLastError,7_2_00462390
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_004632A1 CryptGetOIDFunctionAddress,wprintf,CryptFreeOIDFunctionAddress,7_2_004632A1
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_004681A9 CryptFindOIDInfo,7_2_004681A9
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F7E7F HeapSetInformation,LoadStringW,LoadStringW,LoadStringW,LoadStringA,LoadStringW,LoadStringW,LoadStringW,CryptUIDlgCertMgr,CryptMsgClose,CertCloseStore,22_2_003F7E7F
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F3C7E CryptSIPRetrieveSubjectGuid,CryptSIPLoad,memset,CertOpenStore,CryptMsgOpenToDecode,CertCloseStore,CryptMsgUpdate,CertCloseStore,CryptMsgClose,22_2_003F3C7E
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F3272 CryptFindOIDInfo,22_2_003F3272
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F8163 CryptFindOIDInfo,22_2_003F8163
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F2B61 CryptDecodeObject,printf,22_2_003F2B61
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F1A5B strtok,strtok,strtok,SetLastError,CryptEncodeObject,CryptEncodeObject,CryptEncodeObject,CertEnumCertificatesInStore,CertEnumCertificatesInStore,CertSetCertificateContextProperty,CertSetCertificateContextProperty,CertSetCertificateContextProperty,CertEnumCertificatesInStore,CertFreeCertificateContext,22_2_003F1A5B
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F644E CryptMsgGetParam,printf,printf,printf,CryptMsgGetAndVerifySigner,CertFreeCertificateContext,22_2_003F644E
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F81A9 CryptFindOIDInfo,22_2_003F81A9
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F32A1 CryptGetOIDFunctionAddress,wprintf,CryptFreeOIDFunctionAddress,22_2_003F32A1
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F2390 CryptStringToBinaryW,CryptStringToBinaryW,GetLastError,CryptStringToBinaryW,GetLastError,22_2_003F2390
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F2BFA CryptDecodeObject,printf,22_2_003F2BFA
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F2FF4 CryptDecodeObject,printf,printf,printf,22_2_003F2FF4
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F17F3 GetModuleHandleA,CryptInitOIDFunctionSet,CryptInstallOIDFunctionAddress,22_2_003F17F3
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F22DB CryptStringToBinaryA,CryptStringToBinaryA,GetLastError,CryptStringToBinaryA,GetLastError,22_2_003F22DB
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F5CD6 printf,CertGetCertificateContextProperty,CertGetCertificateContextProperty,CertGetCertificateContextProperty,CryptAcquireContextA,CryptHashPublicKeyInfo,CryptReleaseContext,CertGetCertificateContextProperty,CertGetCertificateContextProperty,printf,printf,printf,CertGetPublicKeyLength,printf,printf,printf,22_2_003F5CD6
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F81D0 printf,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,22_2_003F81D0
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F82C8 CryptDecodeObject,CryptDecodeObject,CryptDecodeObject,22_2_003F82C8
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00147E7F HeapSetInformation,LoadStringW,LoadStringW,LoadStringW,LoadStringA,LoadStringW,LoadStringW,LoadStringW,CryptUIDlgCertMgr,CryptMsgClose,CertCloseStore,24_2_00147E7F
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00141A5B strtok,strtok,strtok,SetLastError,CryptEncodeObject,CryptEncodeObject,CryptEncodeObject,CertEnumCertificatesInStore,CertEnumCertificatesInStore,CertSetCertificateContextProperty,CertSetCertificateContextProperty,CertSetCertificateContextProperty,CertEnumCertificatesInStore,CertFreeCertificateContext,24_2_00141A5B
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_0014644E CryptMsgGetParam,printf,printf,printf,CryptMsgGetAndVerifySigner,CertFreeCertificateContext,24_2_0014644E
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00143272 CryptFindOIDInfo,24_2_00143272
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00143C7E CryptSIPRetrieveSubjectGuid,CryptSIPLoad,memset,CertOpenStore,CryptMsgOpenToDecode,CertCloseStore,CryptMsgUpdate,CertCloseStore,CryptMsgClose,24_2_00143C7E
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00142B61 CryptDecodeObject,printf,24_2_00142B61
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00148163 CryptFindOIDInfo,24_2_00148163
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00142390 CryptStringToBinaryW,CryptStringToBinaryW,GetLastError,CryptStringToBinaryW,GetLastError,24_2_00142390
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_001432A1 CryptGetOIDFunctionAddress,wprintf,CryptFreeOIDFunctionAddress,24_2_001432A1
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_001481A9 CryptFindOIDInfo,24_2_001481A9
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00145CD6 printf,CertGetCertificateContextProperty,CertGetCertificateContextProperty,CertGetCertificateContextProperty,CryptAcquireContextA,CryptHashPublicKeyInfo,CryptReleaseContext,CertGetCertificateContextProperty,CertGetCertificateContextProperty,printf,printf,printf,CertGetPublicKeyLength,printf,printf,printf,24_2_00145CD6
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_001481D0 printf,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,24_2_001481D0
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_001422DB CryptStringToBinaryA,CryptStringToBinaryA,GetLastError,CryptStringToBinaryA,GetLastError,24_2_001422DB
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_001482C8 CryptDecodeObject,CryptDecodeObject,CryptDecodeObject,24_2_001482C8
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00142FF4 CryptDecodeObject,printf,printf,printf,24_2_00142FF4
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_001417F3 GetModuleHandleA,CryptInitOIDFunctionSet,CryptInstallOIDFunctionAddress,24_2_001417F3
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00142BFA CryptDecodeObject,printf,24_2_00142BFA
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: LINKINFO.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: USP10.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: SHFOLDER.DLLJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: RichEd20.DLLJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeEXE: regsvr32.exeJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeEXE: rundll32.exeJump to behavior

Compliance:

barindex
DLL planting / hijacking vulnerabilities foundShow sources
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: LINKINFO.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: USP10.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: ntshrui.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: SHFOLDER.DLLJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: cscapi.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: RichEd20.DLLJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDLL: msls31.dllJump to behavior
EXE planting / hijacking vulnerabilities foundShow sources
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeEXE: regsvr32.exeJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeEXE: rundll32.exeJump to behavior
Uses 32bit PE filesShow sources
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Found installer window with terms and condition textShow sources
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeWindow detected: < &BackI &AgreeCancelCode Laboratories Inc. Code Laboratories Inc.License AgreementPlease review the license terms before installing CL-Eye Driver.Press Page Down to see the rest of the agreement.CL-EYE PLATFORM END USER LICENSE AGREEMENTUpdated: February 16th 2010 v1.1BY USING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT DO NOT USE THIS SOFTWARE AND ERASE ANY COPIES WHICH YOU HAVE OBTAINED.REDISTRIBUTION NOT PERMITTED GRANTCode Laboratories Inc. (CodeLabs) hereby grants you a non-exclusive license to use its accompanying software product (Software).Except as specified in section SDK REDISTRIBUTION you may not: Permit other individuals to use the Software; Modify translate reverse engineer de-compile disassemble (except to the extent applicable laws specifically prohibit such restriction) create derivative works based on the Software; Copy the Software (except for back-up purposes); Rent lease transfer or otherwise transfer rights to the Software or Remove any proprietary notices or labels on the Software.This license does not grant you any right to any enhancement or updates.TITLETitle ownership rights and intellectual property rights in and to the Software shall remain with CodeLabs. The Software copyright laws of the United States and international copyright treaties protect the Software. Title ownership rights and intellectual property rights in and to the content accessed through the Software is the property of the applicable content owner and may be protected by applicable copyright or other law. This License gives you no rights to such content.DISCLAIMER OF WARRANTYThe Software is provided on an AS IS basis without warranty of any kind including without limitation the warranties of merchantability fitness for a particular purpose and non-infringement. The entire risk as to the quality and performance of the Software is borne by you. Should the Software prove defective you and not CodeLabs assume the entire cost of any service and repair. You must determine that the Software sufficiently meets your requirements. This disclaimer of warranty constitutes an essential part of the agreement.SOME STATES DO NOT ALLOW EXCLUSIONS OF AN IMPLIED WARRANTY SO THIS DISCLAIMER MAY NOT APPLY TO YOU AND YOU MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTION.LIMITATION OF LIABILITYUNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY TORT CONTRACT OR OTHERWISE SHALL CODELABS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF GOODWILL WORK STOPPAGE COMPUTER FAILURE OR MALFUNCTION OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT SHALL (THE CODE LABS) BE LIABLE FOR ANY DAMAGES IN EXCESS OF CODELABS LIST PRICE FOR A LICENSE TO THE SOFTWARE EVEN IF CODELABS SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAG
PE / OLE file has a valid certificateShow sources
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeStatic PE information: certificate valid
Binary contains paths to debug symbolsShow sources
Source: Binary string: CertMgr.pdb source: CertMgr.exe
Source: Binary string: sfxcab.pdb source: drvinst.exe, 0000000D.00000003.706671348.0000024306801000.00000004.00000001.sdmp
Source: Binary string: C:\cygwin\home\adid\src\wd\wd.1021\samples\wdreg\WIN32\wdreg.pdb source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000000.00000002.738883047.0000000002972000.00000004.00000001.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.782563410.00000000028D9000.00000004.00000001.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.775338440.00000000028DB000.00000004.00000001.sdmp
Source: Binary string: WinUsbCoinstaller2.pdb source: drvinst.exe, 0000000D.00000003.706671348.0000024306801000.00000004.00000001.sdmp
Source: Binary string: C:\cygwin\home\adid\src\wd\wd.1021\samples\wdreg\WIN32\wdreg.pdb D` source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000000.00000002.738883047.0000000002972000.00000004.00000001.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.782563410.00000000028D9000.00000004.00000001.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.775338440.00000000028DB000.00000004.00000001.sdmp
Source: Binary string: WinUsbCoinstaller2.pdbH source: drvinst.exe, 0000000D.00000003.706671348.0000024306801000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 1_2_00405E61 FindFirstFileA,FindClose,1_2_00405E61
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 1_2_0040263E FindFirstFileA,1_2_0040263E
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 1_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_0040548B
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 4x nop then movzx eax, byte ptr [rbx]9_2_0000000140006040
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 4x nop then movzx eax, byte ptr [rsi+rcx]9_2_0000000140006160
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 4x nop then movzx eax, byte ptr [rbp+00h]9_2_0000000140006260
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 4x nop then xor eax, eax9_2_00000001400092A0
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.775207238.0000000002824000.00000004.00000001.sdmpString found in binary or memory: http://codelaboratories.com
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.775207238.0000000002824000.00000004.00000001.sdmpString found in binary or memory: http://codelaboratories.com/eye
Source: drvinst.exe, 0000000D.00000003.707080783.00000243060F2000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: drvinst.exe, 0000000D.00000003.707080783.00000243060F2000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: drvinst.exe, 0000000D.00000003.707080783.00000243060F2000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en=
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.774021262.0000000000409000.00000004.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000000.00000000.647082657.0000000000409000.00000008.00020000.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.774021262.0000000000409000.00000004.00020000.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: wdreg.exe, wdreg.exe, 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp, wdreg.exe, 0000000F.00000002.728602020.0000000140026000.00000002.00020000.sdmp, wdreg.exe, 0000000F.00000000.712157936.0000000140019000.00000002.00020000.sdmp, wdreg.exe, 00000012.00000002.731402421.0000000140026000.00000002.00020000.sdmpString found in binary or memory: http://www.jungo.com
Source: wdreg.exeString found in binary or memory: http://www.jungo.comCommand
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_00405042 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405042
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeFile created: C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\SETE2AA.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET3280.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeFile created: C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\SET335B.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\ps3eyecamera.catJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CodeLabs.cerJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET37A0.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE76D.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CodeLabs.cerJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CodeLabs.cerJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeFile created: C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\SET2E88.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_00000001400092A0: CreateFileA,DeviceIoControl,CloseHandle,9_2_00000001400092A0
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_00000001400086D0 OpenServiceA,GetLastError,DeleteService,GetLastError,ControlService,GetLastError,CloseServiceHandle,CloseServiceHandle,Sleep,OpenServiceA,9_2_00000001400086D0
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040323C
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 1_2_0040323C EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,1_2_0040323C
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}Jump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Windows\system32\CLEyeDevices.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile deleted: C:\Windows\System32\CLEyeDevices.dllJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_004048530_2_00404853
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_004061310_2_00406131
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 1_2_004048531_2_00404853
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 1_2_004061311_2_00406131
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_004657BD7_2_004657BD
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140003B209_2_0000000140003B20
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_00000001400138849_2_0000000140013884
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_00000001400164E49_2_00000001400164E4
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140016D5C9_2_0000000140016D5C
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_00000001400121A89_2_00000001400121A8
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140012DC49_2_0000000140012DC4
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140015DEC9_2_0000000140015DEC
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_000000014000B2909_2_000000014000B290
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_00000001400132A09_2_00000001400132A0
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140012AE49_2_0000000140012AE4
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_00000001400176EC9_2_00000001400176EC
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_000000014000BB349_2_000000014000BB34
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_000000014000CF449_2_000000014000CF44
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_000000014000C74C9_2_000000014000C74C
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F57BD22_2_003F57BD
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_001457BD24_2_001457BD
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess token adjusted: Load DriverJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess token adjusted: SecurityJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: String function: 004029F6 appears 52 times
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: String function: 00405B66 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: String function: 00000001400066E0 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: String function: 0000000140009150 appears 63 times
Source: SETE2DB.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1639755 bytes, 2 files
Source: SETE34A.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 256987 bytes, 4 files
Source: SETE34A.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SETE76F.tmp.13.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1639755 bytes, 2 files
Source: SETE79F.tmp.13.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 256987 bytes, 4 files
Source: SETE79F.tmp.13.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SET2EB9.tmp.26.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1639755 bytes, 2 files
Source: SET2EE9.tmp.26.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 256987 bytes, 4 files
Source: SET2EE9.tmp.26.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SET338C.tmp.28.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1639755 bytes, 2 files
Source: SET3429.tmp.28.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 256987 bytes, 4 files
Source: SET3429.tmp.28.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SET3282.tmp.29.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1639755 bytes, 2 files
Source: SET32F0.tmp.29.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 256987 bytes, 4 files
Source: SET32F0.tmp.29.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: SET37A2.tmp.31.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 1639755 bytes, 2 files
Source: SET3801.tmp.31.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 256987 bytes, 4 files
Source: SET3801.tmp.31.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000000.00000000.647098144.000000000043C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCL-Eye-Driver-5.3.0.0341.exed" vs CL-Eye-Driver-5.3.0.0341-Emuline.exe
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000000.00000002.738795123.00000000028BB000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamewdreg.exeb! vs CL-Eye-Driver-5.3.0.0341-Emuline.exe
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000000.00000002.738325195.00000000023F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs CL-Eye-Driver-5.3.0.0341-Emuline.exe
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.782225546.0000000002822000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamewdreg.exeb! vs CL-Eye-Driver-5.3.0.0341-Emuline.exe
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000000.654222572.000000000043C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCL-Eye-Driver-5.3.0.0341.exed" vs CL-Eye-Driver-5.3.0.0341-Emuline.exe
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.783928651.0000000006910000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs CL-Eye-Driver-5.3.0.0341-Emuline.exe
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.775207238.0000000002824000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamewdreg.exeb! vs CL-Eye-Driver-5.3.0.0341-Emuline.exe
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.777323798.0000000006910000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs CL-Eye-Driver-5.3.0.0341-Emuline.exe
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.774135190.000000000043C000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCL-Eye-Driver-5.3.0.0341.exed" vs CL-Eye-Driver-5.3.0.0341-Emuline.exe
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: SETE2DB.tmp.9.drStatic PE information: Section: .rsrc ZLIB complexity 0.998562932274
Source: SETE76F.tmp.13.drStatic PE information: Section: .rsrc ZLIB complexity 0.998562932274
Source: SET2EB9.tmp.26.drStatic PE information: Section: .rsrc ZLIB complexity 0.998562932274
Source: SET338C.tmp.28.drStatic PE information: Section: .rsrc ZLIB complexity 0.998562932274
Source: SET3282.tmp.29.drStatic PE information: Section: .rsrc ZLIB complexity 0.998562932274
Source: SET37A2.tmp.31.drStatic PE information: Section: .rsrc ZLIB complexity 0.998562932274
Source: classification engineClassification label: sus20.evad.winEXE@44/80@0/0
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_00000001400019F0 GetLastError,FormatMessageA,LocalFree,9_2_00000001400019F0
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_00404356 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404356
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: OpenServiceA,CloseServiceHandle,GetLastError,CreateServiceA,CloseServiceHandle,CloseServiceHandle,9_2_0000000140008500
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_00402020 CoCreateInstance,MultiByteToWideChar,0_2_00402020
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140008930 OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,9_2_0000000140008930
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Program Files (x86)\Code LaboratoriesJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\Public\Desktop\CL-Eye Test.lnkJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5740:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6928:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7048:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4240:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6828:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4692:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3660:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5052:120:WilError_01
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz824B.tmpJump to behavior
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CLEyeCleaner.dll,Clean
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeString found in binary or memory: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeString found in binary or memory: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeString found in binary or memory: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeString found in binary or memory: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install
Source: wdreg.exeString found in binary or memory: -startup
Source: wdreg.exeString found in binary or memory: Please specify a startup level after the '-startup' option
Source: wdreg.exeString found in binary or memory: Please specify one of those values after the '-startup' option boot, system, automatic, demand, disabled
Source: wdreg.exeString found in binary or memory: Pre-installing
Source: wdreg.exeString found in binary or memory: Please specify one of those values after the '-startup' option boot, system, automatic, demand, disabled
Source: wdreg.exeString found in binary or memory: Please specify a startup level after the '-startup' option
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile read: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe 'C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe' -install
Source: unknownProcess created: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe 'C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe' /install
Source: unknownProcess created: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe 'C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe' /load
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nst827B.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisher
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat install
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CLEyeCleaner.dll,Clean
Source: unknownProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe '4' '0' 'C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001AC' 'WinSta0\Default' '00000000000001B0' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver'
Source: unknownProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CLEyeCleaner.dll,Clean
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstall
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s PS3EyeAxFilter.ax
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstall
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s /u PS3EyeAxFilter.ax
Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s /u PS3EyeAxFilter.ax
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisher
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisher
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat install
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat install
Source: unknownProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe '4' '20' 'C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001AC' 'WinSta0\Default' '00000000000001B0' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver'
Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe '4' '20' 'C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001D0' 'WinSta0\Default' '00000000000001D8' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver'
Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s PS3EyeAxFilter.ax
Source: unknownProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s PS3EyeAxFilter.ax
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nst827B.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisherJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat installJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s PS3EyeAxFilter.axJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CLEyeCleaner.dll,CleanJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstallJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s /u PS3EyeAxFilter.axJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisherJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat installJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s PS3EyeAxFilter.axJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CLEyeCleaner.dll,CleanJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstallJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s /u PS3EyeAxFilter.axJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisherJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat installJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s PS3EyeAxFilter.axJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeAutomated click: Next >
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeAutomated click: I Agree
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeAutomated click: Next >
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeAutomated click: I Agree
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeAutomated click: Next >
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeAutomated click: I Agree
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeWindow detected: < &BackI &AgreeCancelCode Laboratories Inc. Code Laboratories Inc.License AgreementPlease review the license terms before installing CL-Eye Driver.Press Page Down to see the rest of the agreement.CL-EYE PLATFORM END USER LICENSE AGREEMENTUpdated: February 16th 2010 v1.1BY USING THIS SOFTWARE YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT DO NOT USE THIS SOFTWARE AND ERASE ANY COPIES WHICH YOU HAVE OBTAINED.REDISTRIBUTION NOT PERMITTED GRANTCode Laboratories Inc. (CodeLabs) hereby grants you a non-exclusive license to use its accompanying software product (Software).Except as specified in section SDK REDISTRIBUTION you may not: Permit other individuals to use the Software; Modify translate reverse engineer de-compile disassemble (except to the extent applicable laws specifically prohibit such restriction) create derivative works based on the Software; Copy the Software (except for back-up purposes); Rent lease transfer or otherwise transfer rights to the Software or Remove any proprietary notices or labels on the Software.This license does not grant you any right to any enhancement or updates.TITLETitle ownership rights and intellectual property rights in and to the Software shall remain with CodeLabs. The Software copyright laws of the United States and international copyright treaties protect the Software. Title ownership rights and intellectual property rights in and to the content accessed through the Software is the property of the applicable content owner and may be protected by applicable copyright or other law. This License gives you no rights to such content.DISCLAIMER OF WARRANTYThe Software is provided on an AS IS basis without warranty of any kind including without limitation the warranties of merchantability fitness for a particular purpose and non-infringement. The entire risk as to the quality and performance of the Software is borne by you. Should the Software prove defective you and not CodeLabs assume the entire cost of any service and repair. You must determine that the Software sufficiently meets your requirements. This disclaimer of warranty constitutes an essential part of the agreement.SOME STATES DO NOT ALLOW EXCLUSIONS OF AN IMPLIED WARRANTY SO THIS DISCLAIMER MAY NOT APPLY TO YOU AND YOU MAY HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE OR BY JURISDICTION.LIMITATION OF LIABILITYUNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY TORT CONTRACT OR OTHERWISE SHALL CODELABS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF GOODWILL WORK STOPPAGE COMPUTER FAILURE OR MALFUNCTION OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES. IN NO EVENT SHALL (THE CODE LABS) BE LIABLE FOR ANY DAMAGES IN EXCESS OF CODELABS LIST PRICE FOR A LICENSE TO THE SOFTWARE EVEN IF CODELABS SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAG
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeStatic PE information: certificate valid
Source: CL-Eye-Driver-5.3.0.0341-Emuline.exeStatic file information: File size 5410368 > 1048576
Source: Binary string: CertMgr.pdb source: CertMgr.exe
Source: Binary string: sfxcab.pdb source: drvinst.exe, 0000000D.00000003.706671348.0000024306801000.00000004.00000001.sdmp
Source: Binary string: C:\cygwin\home\adid\src\wd\wd.1021\samples\wdreg\WIN32\wdreg.pdb source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000000.00000002.738883047.0000000002972000.00000004.00000001.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.782563410.00000000028D9000.00000004.00000001.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.775338440.00000000028DB000.00000004.00000001.sdmp
Source: Binary string: WinUsbCoinstaller2.pdb source: drvinst.exe, 0000000D.00000003.706671348.0000024306801000.00000004.00000001.sdmp
Source: Binary string: C:\cygwin\home\adid\src\wd\wd.1021\samples\wdreg\WIN32\wdreg.pdb D` source: CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000000.00000002.738883047.0000000002972000.00000004.00000001.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.782563410.00000000028D9000.00000004.00000001.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.775338440.00000000028DB000.00000004.00000001.sdmp
Source: Binary string: WinUsbCoinstaller2.pdbH source: drvinst.exe, 0000000D.00000003.706671348.0000024306801000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00468B99 push ecx; ret 7_2_00468BAC
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F8B99 push ecx; ret 22_2_003F8BAC
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00148B99 push ecx; ret 24_2_00148BAC

Persistence and Installation Behavior:

barindex
Uses cmd line tools excessively to alter registry or file dataShow sources
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: reg.exeJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: reg.exeJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: reg.exeJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: reg.exeJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: reg.exeJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WinUSBCoInstaller2.dllJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WdfCoInstaller01009.dllJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeFile created: C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\SET3429.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CLEyeCleaner.dllJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\CL-EyeTest.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeFile created: C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\SETE34A.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\nsDialogs.dllJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\System.dllJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Windows\System32\CLEyeDevices.dllJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE76F.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\System.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeFile created: C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\SET338C.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeFile created: C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\SET2EE9.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\CLEyeDevices.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeFile created: C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\SETE2DB.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET3801.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeFile created: C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\SET2EB9.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET32F0.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CLEyeCleaner.dllJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET3282.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\uninst.exeJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\System.dllJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET37A2.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\nsExec.dllJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\PS3EyeAxFilter.axJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE79F.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE76F.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET3801.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET32F0.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET3282.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET37A2.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Windows\System32\CLEyeDevices.dllJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE79F.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\PS3EyeAxFilter.axJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye DriverJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver\CL-Eye Test.lnkJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver\CL-Eye Driver.urlJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140008930 OpenServiceA,StartServiceA,CloseServiceHandle,CloseServiceHandle,9_2_0000000140008930
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140001C10 LoadLibraryExA,LoadLibraryExA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,9_2_0000000140001C10
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140003B20 SetupDiGetClassDevsA,GetLastError,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyA,GetLastError,LocalAlloc,SetupDiGetDeviceRegistryPropertyA,LocalFree,lstrlenA,LocalFree,SetupDiGetDeviceRegistryPropertyA,GetLastError,LocalAlloc,SetupDiGetDeviceRegistryPropertyA,LocalFree,lstrlenA,LocalFree,SetupDiEnumDeviceInfo,GetLastError,SetupDiDestroyDeviceInfoList,9_2_0000000140003B20
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE76F.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\SET3429.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\SET338C.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\SET2EE9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\SETE2DB.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET3801.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDropped PE file which has not been started: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\CLEyeDevices.dllJump to dropped file
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET32F0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\SET2EB9.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDropped PE file which has not been started: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\CL-EyeTest.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\SETE34A.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET3282.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDropped PE file which has not been started: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\uninst.exe
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET37A2.tmpJump to dropped file
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeDropped PE file which has not been started: C:\Windows\System32\CLEyeDevices.dll
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE79F.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeAPI coverage: 9.6 %
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeAPI coverage: 9.6 %
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe TID: 4824Thread sleep count: 139 > 30Jump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_00405E61 FindFirstFileA,FindClose,0_2_00405E61
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_0040263E FindFirstFileA,0_2_0040263E
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_0040548B
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 1_2_00405E61 FindFirstFileA,FindClose,1_2_00405E61
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 1_2_0040263E FindFirstFileA,1_2_0040263E
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 1_2_0040548B CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_0040548B
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140007260 SetupGetFieldCount,SetupGetStringFieldA,SetupGetStringFieldA,free,free,GetSystemInfo,GetSystemInfo,9_2_0000000140007260
Source: wdreg.exe, 0000000F.00000002.728336537.000000000061A000.00000004.00000020.sdmpBinary or memory string: DeviceDesc = "Microsoft Hyper-V SCSI Controller"
Source: wdreg.exe, 0000000F.00000002.728336537.000000000061A000.00000004.00000020.sdmpBinary or memory string: DiskId = "Microsoft Hyper-V SCSI Controller Installation Disk #1"
Source: wdreg.exe, 0000000F.00000003.718036675.00000000005BB000.00000004.00000001.sdmp, wdreg.exe, 00000012.00000003.720458454.00000000004DB000.00000004.00000001.sdmpBinary or memory string: Activation.DeviceDesc = "Microsoft Hyper-V Activation Component"
Source: drvinst.exe, 0000000D.00000002.708313040.00000243066C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: wdreg.exe, 0000000F.00000003.718036675.00000000005BB000.00000004.00000001.sdmp, wdreg.exe, 00000012.00000003.720458454.00000000004DB000.00000004.00000001.sdmpBinary or memory string: RdpD.DeviceDesc = "Microsoft Hyper-V Remote Desktop Data Channel"
Source: wdreg.exe, 0000000F.00000003.717771161.00000000005CB000.00000004.00000001.sdmpBinary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{152fbe4b-c7ad-4f68-bada-a4fcc1464f6c}\ChannelReferences\1",,0x0,"Microsoft-Windows-Hyper-V-NETVSC/Diagnostic"
Source: wdreg.exe, 0000000F.00000002.728336537.000000000061A000.00000004.00000020.sdmpBinary or memory string: DiskId1 = "Microsoft Hyper-V Network Adapter Installation Disk #1"
Source: wdreg.exe, 0000000F.00000003.724230261.0000000000613000.00000004.00000001.sdmpBinary or memory string: ; ConnectX-4 Hyper-V VF
Source: wdreg.exe, 0000000F.00000002.728336537.000000000061A000.00000004.00000020.sdmpBinary or memory string: HvCrash.DeviceDesc = "Microsoft Hyper-V Crashdump Driver"
Source: wdreg.exe, 0000000F.00000003.718036675.00000000005BB000.00000004.00000001.sdmp, wdreg.exe, 00000012.00000003.720458454.00000000004DB000.00000004.00000001.sdmpBinary or memory string: RdpC.DeviceDesc = "Microsoft Hyper-V Remote Desktop Control Channel"
Source: wdreg.exe, 00000012.00000003.720458454.00000000004DB000.00000004.00000001.sdmpBinary or memory string: [VmIcVss.HW.AddReg]
Source: wdreg.exe, 0000000F.00000002.728336537.000000000061A000.00000004.00000020.sdmpBinary or memory string: netvsc.DeviceDesc = "Microsoft Hyper-V Network Adapter"
Source: drvinst.exe, 0000000D.00000002.708313040.00000243066C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: wdreg.exe, 0000000F.00000003.717771161.00000000005CB000.00000004.00000001.sdmpBinary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","OwningPublisher",0x0,"{152fbe4b-c7ad-4f68-bada-a4fcc1464f6c}"
Source: wdreg.exe, 0000000F.00000003.724230261.0000000000613000.00000004.00000001.sdmpBinary or memory string: ; ConnectX-4 non Hyper-V VF
Source: wdreg.exe, 0000000F.00000003.717771161.00000000005CB000.00000004.00000001.sdmpBinary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","ChannelAccess",0x0,"O:BAG:SYD:(A;;0x2;;;S-1-15-2-1)(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)"
Source: wdreg.exe, 0000000F.00000003.717771161.00000000005CB000.00000004.00000001.sdmpBinary or memory string: HyperVNetworkAdapterName = "Hyper-V Network Adapter Name"
Source: wdreg.exe, 0000000F.00000002.728336537.000000000061A000.00000004.00000020.sdmpBinary or memory string: ; Hyper-V Network Adapter Name
Source: wdreg.exe, 0000000F.00000003.717771161.00000000005CB000.00000004.00000001.sdmpBinary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","Isolation",0x00010001,0
Source: wdreg.exe, 0000000F.00000002.728336537.000000000061A000.00000004.00000020.sdmpBinary or memory string: DiskId1 = "Microsoft Hyper-V Crash Dump Installation Disk #1"
Source: wdreg.exe, 0000000F.00000003.717771161.00000000005CB000.00000004.00000001.sdmpBinary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","Enabled",0x00010001,0
Source: wdreg.exe, 0000000F.00000002.728336537.000000000061A000.00000004.00000020.sdmpBinary or memory string: = "Hyper-V Network Adapter Name"
Source: wdreg.exe, 0000000F.00000003.718036675.00000000005BB000.00000004.00000001.sdmp, wdreg.exe, 00000012.00000003.720458454.00000000004DB000.00000004.00000001.sdmpBinary or memory string: DiskId1 = "Microsoft Hyper-V Integration Components"
Source: wdreg.exe, 0000000F.00000003.726685469.0000000000613000.00000004.00000001.sdmp, wdreg.exe, 00000012.00000003.729669749.0000000000533000.00000004.00000001.sdmpBinary or memory string: GenericScsiVmLun = "Hyper-V LUN"
Source: wdreg.exe, 0000000F.00000003.718036675.00000000005BB000.00000004.00000001.sdmp, wdreg.exe, 00000012.00000003.720458454.00000000004DB000.00000004.00000001.sdmpBinary or memory string: VSS.DeviceDesc = "Microsoft Hyper-V Volume Shadow Copy"
Source: wdreg.exe, 0000000F.00000002.728336537.000000000061A000.00000004.00000020.sdmpBinary or memory string: ; INF file for installing the Hyper-V crashdump driver.
Source: drvinst.exe, 0000000D.00000002.708313040.00000243066C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: wdreg.exe, 0000000F.00000003.717771161.00000000005CB000.00000004.00000001.sdmpBinary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{152fbe4b-c7ad-4f68-bada-a4fcc1464f6c}",,0x0,"Microsoft-Windows-Hyper-V-Netvsc"
Source: wdreg.exe, 0000000F.00000003.718036675.00000000005BB000.00000004.00000001.sdmp, wdreg.exe, 00000012.00000003.720458454.00000000004DB000.00000004.00000001.sdmpBinary or memory string: Rdv.DeviceDesc = "Microsoft Hyper-V Remote Desktop Virtualization"
Source: wdreg.exe, 00000012.00000003.720165315.00000000004DB000.00000004.00000001.sdmpBinary or memory string: HKR, Ndi\Interfaces,FilterMediaTypes,,"vmnetextension"
Source: wdreg.exe, 0000000F.00000003.717771161.00000000005CB000.00000004.00000001.sdmpBinary or memory string: HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-Hyper-V-NETVSC/Diagnostic","Type",0x00010001,2
Source: drvinst.exe, 0000000D.00000002.708313040.00000243066C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeAPI call chain: ExitProcess graph end nodegraph_0-3644
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeAPI call chain: ExitProcess graph end nodegraph_1-3676
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_00405E88 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405E88
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140017ACC GetProcessHeap,HeapAlloc,_errno,_errno,__doserrno,_errno,GetProcessHeap,HeapFree,SetEndOfFile,_errno,__doserrno,GetLastError,9_2_0000000140017ACC
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00468A1F SetUnhandledExceptionFilter,7_2_00468A1F
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_004686C7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_004686C7
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140014C84 RtlCaptureContext,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_0000000140014C84
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140009560 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_0000000140009560
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_00000001400119B8 SetUnhandledExceptionFilter,9_2_00000001400119B8
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F8A1F SetUnhandledExceptionFilter,22_2_003F8A1F
Source: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exeCode function: 22_2_003F86C7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_003F86C7
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_00148A1F SetUnhandledExceptionFilter,24_2_00148A1F
Source: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exeCode function: 24_2_001486C7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,24_2_001486C7
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nst827B.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisherJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat installJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s PS3EyeAxFilter.axJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CLEyeCleaner.dll,CleanJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstallJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s /u PS3EyeAxFilter.axJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisherJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat installJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s PS3EyeAxFilter.axJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CLEyeCleaner.dll,CleanJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstallJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s /u PS3EyeAxFilter.axJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisherJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat installJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32 /s PS3EyeAxFilter.axJump to behavior
Source: unknownProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe '4' '0' 'C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001AC' 'WinSta0\Default' '00000000000001B0' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver'
Source: unknownProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe '4' '20' 'C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001AC' 'WinSta0\Default' '00000000000001B0' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver'
Source: unknownProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe '4' '20' 'C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001D0' 'WinSta0\Default' '00000000000001D8' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver'
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140003B20 SetupDiGetClassDevsA,GetLastError,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyA,GetLastError,LocalAlloc,SetupDiGetDeviceRegistryPropertyA,LocalFree,lstrlenA,LocalFree,SetupDiGetDeviceRegistryPropertyA,GetLastError,LocalAlloc,SetupDiGetDeviceRegistryPropertyA,LocalFree,lstrlenA,LocalFree,SetupDiEnumDeviceInfo,GetLastError,SetupDiDestroyDeviceInfoList,9_2_0000000140003B20
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\PS3EyeCamera.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\PS3EyeCamera.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\PS3EyeCamera.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\PS3EyeCamera.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\PS3EyeCamera.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\PS3EyeCamera.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exeCode function: 7_2_00468355 GetSystemTime,SystemTimeToFileTime,CompareFileTime,7_2_00468355
Source: C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exeCode function: 9_2_0000000140012DC4 _lock,___lc_codepage_func,free,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,9_2_0000000140012DC4
Source: C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exeCode function: 0_2_00405B88 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405B88
Source: C:\Windows\System32\drvinst.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsNative API2LSASS Driver1LSASS Driver1Deobfuscate/Decode Files or Information1OS Credential DumpingSystem Time Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel2Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
Default AccountsCommand and Scripting Interpreter112DLL Side-Loading1DLL Side-Loading1Obfuscated Files or Information3LSASS MemoryFile and Directory Discovery2Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsService Execution12DLL Search Order Hijacking2DLL Search Order Hijacking2Software Packing1Security Account ManagerSystem Information Discovery26SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Application Shimming1Application Shimming1DLL Side-Loading1NTDSQuery Registry2Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronWindows Service12Windows Service12DLL Search Order Hijacking2LSA SecretsSecurity Software Discovery21SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRegistry Run Keys / Startup Folder1Process Injection11File Deletion1Cached Domain CredentialsVirtualization/Sandbox Evasion2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsRegistry Run Keys / Startup Folder1Masquerading42DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobVirtualization/Sandbox Evasion2Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Process Injection11/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Rundll321Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 343519 Sample: CL-Eye-Driver-5.3.0.0341-Em... Startdate: 24/01/2021 Architecture: WINDOWS Score: 20 6 CL-Eye-Driver-5.3.0.0341-Emuline.exe 48 2->6         started        10 CL-Eye-Driver-5.3.0.0341-Emuline.exe 48 2->10         started        12 CL-Eye-Driver-5.3.0.0341-Emuline.exe 11 52 2->12         started        14 3 other processes 2->14 file3 63 C:\Windows\System32\CLEyeDevices.dll, PE32 6->63 dropped 73 6 other files (none is malicious) 6->73 dropped 81 Uses cmd line tools excessively to alter registry or file data 6->81 16 wdreg.exe 6->16         started        19 wdreg.exe 6->19         started        31 4 other processes 6->31 65 C:\Users\user\AppData\Local\...\wdreg.exe, PE32+ 10->65 dropped 75 6 other files (none is malicious) 10->75 dropped 21 wdreg.exe 10->21         started        23 wdreg.exe 10->23         started        33 4 other processes 10->33 77 10 other files (none is malicious) 12->77 dropped 25 wdreg.exe 1 10 12->25         started        27 CertMgr.exe 1 1 12->27         started        29 regsvr32.exe 12->29         started        67 C:\Windows\System32\...\SETE79F.tmp, PE32+ 14->67 dropped 69 C:\Windows\System32\...\SETE76F.tmp, PE32+ 14->69 dropped 71 C:\Windows\System32\...\SET32F0.tmp, PE32+ 14->71 dropped 79 3 other files (none is malicious) 14->79 dropped signatures4 process5 file6 51 C:\Users\user\AppData\Local\...\SET2EE9.tmp, PE32+ 16->51 dropped 53 C:\Users\user\AppData\Local\...\SET2EB9.tmp, PE32+ 16->53 dropped 35 conhost.exe 16->35         started        37 conhost.exe 19->37         started        55 C:\Users\user\AppData\Local\...\SET3429.tmp, PE32+ 21->55 dropped 57 C:\Users\user\AppData\Local\...\SET338C.tmp, PE32+ 21->57 dropped 39 conhost.exe 21->39         started        41 conhost.exe 23->41         started        59 C:\Users\user\AppData\Local\...\SETE34A.tmp, PE32+ 25->59 dropped 61 C:\Users\user\AppData\Local\...\SETE2DB.tmp, PE32+ 25->61 dropped 43 conhost.exe 25->43         started        45 conhost.exe 27->45         started        47 conhost.exe 31->47         started        49 conhost.exe 33->49         started        process7

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
CL-Eye-Driver-5.3.0.0341-Emuline.exe0%VirustotalBrowse
CL-Eye-Driver-5.3.0.0341-Emuline.exe0%MetadefenderBrowse
CL-Eye-Driver-5.3.0.0341-Emuline.exe5%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\CL-EyeTest.exe0%VirustotalBrowse
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\CL-EyeTest.exe0%MetadefenderBrowse
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\CL-EyeTest.exe0%ReversingLabs
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\CLEyeDevices.dll0%MetadefenderBrowse
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\CLEyeDevices.dll0%ReversingLabs
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WdfCoInstaller01009.dll0%MetadefenderBrowse
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WdfCoInstaller01009.dll2%ReversingLabs
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WinUSBCoInstaller2.dll0%MetadefenderBrowse
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WinUSBCoInstaller2.dll0%ReversingLabs
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\PS3EyeAxFilter.ax0%MetadefenderBrowse
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\PS3EyeAxFilter.ax2%ReversingLabs
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\uninst.exe0%MetadefenderBrowse
C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\uninst.exe8%ReversingLabs
C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nst827B.tmp\System.dll0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\nst827B.tmp\System.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nst827B.tmp\nsDialogs.dll0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\nst827B.tmp\nsDialogs.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\nst827B.tmp\nsExec.dll0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\nst827B.tmp\nsExec.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://codelaboratories.com0%VirustotalBrowse
http://codelaboratories.com0%Avira URL Cloudsafe
http://codelaboratories.com/eye2%VirustotalBrowse
http://codelaboratories.com/eye0%Avira URL Cloudsafe
http://www.jungo.comCommand0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://codelaboratories.comCL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.775207238.0000000002824000.00000004.00000001.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://codelaboratories.com/eyeCL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.775207238.0000000002824000.00000004.00000001.sdmpfalse
  • 2%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
http://nsis.sf.net/NSIS_ErrorCL-Eye-Driver-5.3.0.0341-Emuline.exe, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.774021262.0000000000409000.00000004.00020000.sdmpfalse
    		high
    http://nsis.sf.net/NSIS_ErrorErrorCL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000000.00000000.647082657.0000000000409000.00000008.00020000.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp, CL-Eye-Driver-5.3.0.0341-Emuline.exe, 00000002.00000002.774021262.0000000000409000.00000004.00020000.sdmpfalse
      		high
      http://www.jungo.comCommandwdreg.exefalse
      • Avira URL Cloud: safe
      		unknown
      http://www.jungo.comwdreg.exe, wdreg.exe, 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp, wdreg.exe, 0000000F.00000002.728602020.0000000140026000.00000002.00020000.sdmp, wdreg.exe, 0000000F.00000000.712157936.0000000140019000.00000002.00020000.sdmp, wdreg.exe, 00000012.00000002.731402421.0000000140026000.00000002.00020000.sdmpfalse
        		high

        Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox Version:31.0.0 Red Diamond
        Analysis ID:343519
        Start date:24.01.2021
        Start time:13:53:38
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 10m 44s
        Hypervisor based Inspection enabled:false
        Report type:full
        Sample file name:CL-Eye-Driver-5.3.0.0341-Emuline.exe
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
        Run name:Cmdline fuzzy
        Number of analysed new started processes analysed:40
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • HDC enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:SUS
        Classification:sus20.evad.winEXE@44/80@0/0
        EGA Information:
        • Successful, ratio: 60%
        HDC Information:
        • Successful, ratio: 90% (good quality ratio 73.6%)
        • Quality average: 63.2%
        • Quality standard deviation: 37.5%
        HCA Information:
        • Successful, ratio: 60%
        • Number of executed functions: 167
        • Number of non-executed functions: 252
        Cookbook Comments:
        • Adjust boot time
        • Enable AMSI
        • Found application associated with file extension: .exe
        Warnings:
        Show All
        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
        • Report size exceeded maximum capacity and may have missing behavior information.
        • Report size getting too big, too many NtCreateFile calls found.
        • Report size getting too big, too many NtDeviceIoControlFile calls found.
        • Report size getting too big, too many NtOpenKeyEx calls found.
        • Report size getting too big, too many NtQueryValueKey calls found.

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASN

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
        C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WdfCoInstaller01009.dllEC-Win for OPTICLINE.exeGet hashmaliciousBrowse
          http://en.fss.flashforge.com/10000/software/8b176bef1058cc76b263410aadf9dce5.zipGet hashmaliciousBrowse
            http://www.wacom.com/services/wacom/get-download-url.aspx?plat=win&dver=6.3.20-2&dt=drivers&redirect=trueGet hashmaliciousBrowse
              Prolific-AllNTx64x86-3.8.12.0-dr.exeGet hashmaliciousBrowse
                AcerEXTENDInstaller.exeGet hashmaliciousBrowse
                  07da5dff-6819-485b-8fbf-01081aaf94bf.exeGet hashmaliciousBrowse
                    prosoft_biometrics_all_driver_installer.exeGet hashmaliciousBrowse
                      C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WinUSBCoInstaller2.dllwdi-simple.exeGet hashmaliciousBrowse
                        https://timeular-desktop-packages.s3.amazonaws.com/win/production/Timeular_Setup.exeGet hashmaliciousBrowse
                          http://en.fss.flashforge.com/10000/software/8b176bef1058cc76b263410aadf9dce5.zipGet hashmaliciousBrowse
                            AcerEXTENDInstaller.exeGet hashmaliciousBrowse
                              07da5dff-6819-485b-8fbf-01081aaf94bf.exeGet hashmaliciousBrowse
                                prosoft_biometrics_all_driver_installer.exeGet hashmaliciousBrowse

                                  Created / dropped Files

                                  C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\CL-EyeTest.exe
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):161048
                                  Entropy (8bit):6.24121729136832
                                  Encrypted:false
                                  SSDEEP:3072:OPeHl6ZYeUSPzphcZ6DMgPOjT22lv5nHr7wZTG:ieF6Z1Pths6PPt2lv5LMZq
                                  MD5:C4BE1AB315322E9C3D7DE01E7A6880F9
                                  SHA1:9931363CCD9C113C3CDA4BE6092CB09564F37543
                                  SHA-256:8560D2F4FDF7D3A2C5FD7F3ED1C414CBB4477D8D39F84E161DCC8895CEA00E3B
                                  SHA-512:6113E9945AD0BFA5D38A91EB23A297D0EBBE17B0C69CA4C75E8C92173C3FBC1624CB53E7A103E645A395D7325642D10C9622778CE934542C1D2298486B4583A3
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Virustotal, Detection: 0%, Browse
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........Dl.*?.*?.*?...?..*?...?..*?..?.*?.+?L.*?..?.*?...?.*?...?..*?...?..*?Rich.*?................PE..L....k.P.................X...0...............p....@.................................................................................. ...............X..............................................P...@............p...............................text...dV.......X.................. ..`.rdata..8Q...p...R...\..............@..@.data....H..........................@....rsrc........ ......................@..@........................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\CLEyeDevices.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):68888
                                  Entropy (8bit):4.595668459562712
                                  Encrypted:false
                                  SSDEEP:768:jQQb8qzJV27KywlOBXRT2EsHRJ1IIILT2I1:jQQb8qFEOtlSXkEsHRJGmo
                                  MD5:9BBE0ECDB6AE0FC5249F4FBFE6A80550
                                  SHA1:97039439ACDF1301F096447DD210542E5AC15ACA
                                  SHA-256:BC02F7F499F0D1EEBE70EB41682DDB24098A8E7FF7C42BDE9D3ECA441FFE7C77
                                  SHA-512:7092989059BEDB29BB59A21C7A0A59EAA84295352D386E6C371367492AA4F96AB7EDC2A45ECE69B1844ACDC28CB8CB6030AC53705EC7A26799C6CD640F3E02D8
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}....~...~...~.....~.....~.....~.Rich..~.........PE..L....k.P...........!.................................................................n....@.............................................h............................................................................................................rsrc...h...........................@..@............................................................ ............................................................... .......8.......P.......h...........................................................................d...(.......................@.......................P.......................`.......................p...........................................................................................................................................................................................................
                                  C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\PS3EyeCamera.inf
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2621
                                  Entropy (8bit):5.399183015547126
                                  Encrypted:false
                                  SSDEEP:48:nq14WON4iA4W5gcgg1SVtJDNru9Qjd7U/CSHeokbKmd+N1+J1HEe+ofePCQGNtWX:n63ON4iA4W3zqIQZ7UzyH1fmCjb+
                                  MD5:60BB6D15F8989D61064565C5E7B7E7BB
                                  SHA1:7A56F978CE9F66FF9FE7C399155D9C16F0309B2F
                                  SHA-256:3D75843CF756E744177C3C5B31B9100D2C18C9FE8A7B6D0CF62FFEE9B5F53788
                                  SHA-512:74E9A3AB0507272D5DFA928C870BD3D0DAC23C32CFB8C95149819AEFE4F033CCA54BD9BB27C988004F83758689E88521D0BD3421FE6F206A6AA138A6A19A516D
                                  Malicious:false
                                  Preview: ; =====================================================================..; PS3Eye Driver for Windows XP/2003/Vista/Win7/Win8 x86/x64..; PS3EyeCamera.inf..; Driver installation file for the Sony PS3Eye camera..; Copyright (c) 2008-2012 Code Laboratories, Inc. All Rights Reserved...; =====================================================================..[Version]..Signature = "$Windows NT$"..Class = Image..ClassGuid = {6bdd1fc6-810f-11d0-bec7-08002be2092f}..Provider = %ProviderName%..DriverVer = 12/06/2012, 5.3.0.0341..CatalogFile.ntx86.= PS3EyeCamera.cat..CatalogFile.ntamd64 = PS3EyeCamera.cat....; ========== Manufacturer/Models sections ===========..[Manufacturer]..%Manufacturer% = Sony, NTx86, NTamd64....[Sony.NTx86]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[Sony.NTamd64]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[PS3EyeInstall]..Include = winusb.inf..Needs = WINUSB.NT..AddProperty = DeviceProperties....[DeviceProperties]..Dev
                                  C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WdfCoInstaller01009.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1721576
                                  Entropy (8bit):7.978334410477683
                                  Encrypted:false
                                  SSDEEP:24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
                                  MD5:4DA5DA193E0E4F86F6F8FD43EF25329A
                                  SHA1:68A44D37FF535A2C454F2440E1429833A1C6D810
                                  SHA-256:18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
                                  SHA-512:B3D73ED5E45D6F2908B2F3086390DD28C1631E298756CEE9BDF26B185F0B77D1B8C03AD55E0495DBA982C5BED4A03337B130C76F7112F3E19821127D2CF36853
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 2%
                                  Joe Sandbox View:
                                  • Filename: EC-Win for OPTICLINE.exe, Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: Prolific-AllNTx64x86-3.8.12.0-dr.exe, Detection: malicious, Browse
                                  • Filename: AcerEXTENDInstaller.exe, Detection: malicious, Browse
                                  • Filename: 07da5dff-6819-485b-8fbf-01081aaf94bf.exe, Detection: malicious, Browse
                                  • Filename: prosoft_biometrics_all_driver_installer.exe, Detection: malicious, Browse
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t.v...%...%...%.m+%...%.m:%...%...% ..%.m-%...%.m=%...%.m,%...%.m7%...%...%...%.m*%...%.m/%...%Rich...%........................PE..d.....[J.........." .........0............................................................@.........................................`................p..l!...`..,....,...............................................................................................text...L........................... ..`.data....J..........................@....pdata..,....`......................@..@.rsrc...l!...p..."..................@..@.reloc...............*..............@..B........................................................................................................................................................................................................................................................................................
                                  C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\WinUSBCoInstaller2.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1002728
                                  Entropy (8bit):7.9188668904013815
                                  Encrypted:false
                                  SSDEEP:24576:aAEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjp:uBXQz/hPzxRwPdcO
                                  MD5:246900CE6474718730ECD4F873234CF5
                                  SHA1:0C84B56C82E4624824154D27926DED1C45F4B331
                                  SHA-256:981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6
                                  SHA-512:6A9E305BFBFB57D8F8FD16EDABEF9291A8A97E4B9C2AE90622F6C056E518A0A731FBB3E33A2591D87C8E4293D0F983EC515E6A241792962257B82401A8811D5C
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Joe Sandbox View:
                                  • Filename: wdi-simple.exe, Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: , Detection: malicious, Browse
                                  • Filename: AcerEXTENDInstaller.exe, Detection: malicious, Browse
                                  • Filename: 07da5dff-6819-485b-8fbf-01081aaf94bf.exe, Detection: malicious, Browse
                                  • Filename: prosoft_biometrics_all_driver_installer.exe, Detection: malicious, Browse
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............8............>....../.-....(.T....9......!......?......:....Rich...........PE..d.....[J.........." ................ {....................................................@.........................................@.......8...P....p.......`.......4..................................................................(............................text............................... ..`.data....:... ......................@....pdata.......`....... ..............@..@.rsrc........p.......*..............@..@.reloc..D............0..............@..B................................................................................................................................................................................................................................................................................................................
                                  C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver\ps3eyecamera.cat
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):9121
                                  Entropy (8bit):7.154218995176762
                                  Encrypted:false
                                  SSDEEP:192:Tt+quC09Qw335/wJirNmL/TSrR1DHC+v+pSXjtlAur9ZCspE+TMcrZQvM:YP3mirILTaTICUHeMcQE
                                  MD5:2B1EF3BE14DB406855E7EF58A725FFE0
                                  SHA1:7498D416AD02288CE86696CA1633E750FD8A2C7F
                                  SHA-256:D70910EB2D223F843328443A18B79B50A71470B40F0A19B7C422F062322CD562
                                  SHA-512:1633ED6842962A135F5750A2C2AAF48D2C5FCB6EBD44C84514425546BDF0AFC1F2F8FD2290AA8EDD57F9F5E642EDB481278FBD3A7ED16DC3684699F13D885F14
                                  Malicious:false
                                  Preview: 0.#...*.H........#.0.#....1.0...+......0.....+.....7......0...0...+.....7.....4b7#.}.C..SDE.=...121206095708Z0...+.....7.....0...0....R0.5.6.3.9.9.F.A.A.C.B.9.F.C.4.9.F.3.C.F.7.8.B.F.C.3.D.9.F.2.F.4.6.3.E.5.0.1.2.E...1...0R..+.....7...1D0B...F.i.l.e.......0w.d.f.c.o.i.n.s.t.a.l.l.e.r.0.1.0.0.9...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........c.....I..x.....c...0....R7.A.5.6.F.9.7.8.C.E.9.F.6.6.F.F.9.F.E.7.C.3.9.9.1.5.5.D.9.C.1.6.F.0.3.0.9.B.2.F...1..q0D..+.....7...1604...F.i.l.e......."p.s.3.e.y.e.c.a.m.e.r.a...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........zV.x.f.....]...0./0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.D.E.
                                  C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\PS3EyeAxFilter.ax
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):102680
                                  Entropy (8bit):7.819135236305204
                                  Encrypted:false
                                  SSDEEP:3072:DtL8kpWxTAPjG7hJ2JtYbZVB7ZLs5kgYLbYvC:DWkMtAKbCKV1ZLmkgYLb7
                                  MD5:A71F6A671273897012B7B656D9E41F3E
                                  SHA1:231EA80C336A55E7A3143B747B2FEA97A2E9B7FC
                                  SHA-256:D64BF4DD9944C21DA5E21F7AAAECBE9ADA4CBF77933738AB17D4BC68571CB346
                                  SHA-512:1797B73C18E89A04C16AB7109953BE94AD3CADFA63830EFFF81D94240532AAC2AF709185E8C5C1C8B9BFF7F9DB14B7BA50190ED24CF260D70499623ACADF0E7A
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 2%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..J.............G........?.........k...>E........".......2.................X.....:.......;.......<.....Rich....................PE..L....k.P...........!.....`...........).......0...............................@......y.....@..........................8......p6.......0..p............t.......8.......................................+..H...................@8..@....................................................................`.......^..................@................0.......j..............@...........................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\uninst.exe
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                  Category:modified
                                  Size (bytes):258274
                                  Entropy (8bit):7.632569869370787
                                  Encrypted:false
                                  SSDEEP:6144:ZsqU+CHTip+83oucIcoBVqyu3O8oql+9lCOR/GA5H:fHCUr/qG8hl+L1/P
                                  MD5:764CC429C7D0D7C45734C592A8FD13E7
                                  SHA1:976C212D595EE729EE3CD760E30ED6EF1FCE534F
                                  SHA-256:0AE80751B927D5E0F884F0C2923C11D3E5CC32AB39F407ACF3ABEEE9834DC641
                                  SHA-512:B0438AF463BC7360BB0CABC17782BB08BBFF496E9EE572C3AE2D4849160287C06359ECBE9BF754B536852128A8A62581871C1C13BFBBDD5259B868305DD159AA
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 8%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i..iw..iu..i...i..id..i!..i...i...it..iRichu..i........................PE..L......K.................\..........<2.......p....@..................................IS......................................s.......`...r..........(qR..............................................................p...............................text...ZZ.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata... ...@...........................rsrc....r...`...t...v..............@..@................................................................................................................................................................................................................................................................................................................................................
                                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver\CL-Eye Driver.url
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:ASCII text, with no line terminators
                                  Category:dropped
                                  Size (bytes):31
                                  Entropy (8bit):3.9377519554085865
                                  Encrypted:false
                                  SSDEEP:3:N1KdKBAKHrPwx:CI2crIx
                                  MD5:5DCC501C2910386AD7774F21101B4180
                                  SHA1:E81403FC90BED4C2D44C501952AC5DA026C82CB3
                                  SHA-256:6F6CC16DF2DE9D9F1DBDCAC5065102CE11FE6C44B254E99592C00D42D906BFDB
                                  SHA-512:089937CD5BD68561A2F12249582B64D665B6BE6E3BA7B17F9B1437076F92FF4E8DFF521A1E3DC5CDCE34391D884831B00EFB26CF4AAB8E28162EA8FBE1DAC91E
                                  Malicious:false
                                  Preview: http://codelaboratories.com/eye
                                  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CL-Eye Driver\CL-Eye Test.lnk
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Dec 6 08:57:14 2012, mtime=Sun Jan 24 11:55:18 2021, atime=Thu Dec 6 08:57:14 2012, length=161048, window=hide
                                  Category:dropped
                                  Size (bytes):1341
                                  Entropy (8bit):4.590422088501641
                                  Encrypted:false
                                  SSDEEP:24:8mBHB8bdOE6kZXGRA75w5dXgLjdXuUUHW1WM7aB6m:8mpB8bdOmXGi75kdSdnYW1W5B6
                                  MD5:AD7268E6620615D9608D1E57DCB1F433
                                  SHA1:1C6176718428AE6DBC9E9B71E5A4EB8E2E27A2B2
                                  SHA-256:D38070DF7478D3A10C6A2ABC7C0C877920D36701534C8E4C93C0FE3991414ECD
                                  SHA-512:B19D2C68793B3133E412F8EF5B78D4C9BEA974744C746E53735CBF0439F8261B590989FE6129965D1CBE7757B267145F6C8CB8F9106D796B193EB6E33E1F204F
                                  Malicious:false
                                  Preview: L..................F.... .....(........+P.....(......u...........................P.O. .:i.....+00.../C:\.....................1.....8R.f..PROGRA~2.........L.8R.f....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....l.1.....8R.f..CODELA~1..T......8R.f8R.f.....X........................C.o.d.e. .L.a.b.o.r.a.t.o.r.i.e.s.....d.1.....8R.f..CL-EYE~1..L......8R.f8R.f.....X........................C.L.-.E.y.e. .D.r.i.v.e.r.....j.2..u...A'O .CL-EYE~1.EXE..N......A'O8R.f.....X........................C.L.-.E.y.e.T.e.s.t...e.x.e.......t...............-.......s............`c......C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\CL-EyeTest.exe..T.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.o.d.e. .L.a.b.o.r.a.t.o.r.i.e.s.\.C.L.-.E.y.e. .D.r.i.v.e.r.\.C.L.-.E.y.e.T.e.s.t...e.x.e.6.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.o.d.e. .L.a.b.o.r.a.t.o.r.i.e.s.\.C.L.-.E.y.e. .D.r.i.v.e.r.........*....
                                  C:\Users\Public\Desktop\CL-Eye Test.lnk
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Dec 6 08:57:14 2012, mtime=Sun Jan 24 11:55:18 2021, atime=Thu Dec 6 08:57:14 2012, length=161048, window=hide
                                  Category:dropped
                                  Size (bytes):1323
                                  Entropy (8bit):4.603441061230194
                                  Encrypted:false
                                  SSDEEP:24:8mBHB8bdOE6kZXGRA75wXCdXgLjdXuUUHW1WM7aB6m:8mpB8bdOmXGi75XdSdnYW1W5B6
                                  MD5:1F35AFAE6744848054DF53CA1961C8BC
                                  SHA1:5E01DF051113FB39691B7A475CF6F78349E430A7
                                  SHA-256:37D4883BFA73B59882062D08B36425AD686F1ADC79D89434DD73B1C9A75FE162
                                  SHA-512:D4D2E6B5F6FADA9B78C7D376CCA592E2D734FA5A8238C7F2B74653939E7099A3A41B727095094F6F8398C03CE41087EFD29F6B0036BC9CED0D5872E210AB7112
                                  Malicious:false
                                  Preview: L..................F.... .....(........+P.....(......u...........................P.O. .:i.....+00.../C:\.....................1.....8R.f..PROGRA~2.........L.8R.f....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....l.1.....8R.f..CODELA~1..T......8R.f8R.f.....X........................C.o.d.e. .L.a.b.o.r.a.t.o.r.i.e.s.....d.1.....8R.f..CL-EYE~1..L......8R.f8R.f.....X........................C.L.-.E.y.e. .D.r.i.v.e.r.....j.2..u...A'O .CL-EYE~1.EXE..N......A'O8R.f.....X........................C.L.-.E.y.e.T.e.s.t...e.x.e.......t...............-.......s............`c......C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\CL-EyeTest.exe..K.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.o.d.e. .L.a.b.o.r.a.t.o.r.i.e.s.\.C.L.-.E.y.e. .D.r.i.v.e.r.\.C.L.-.E.y.e.T.e.s.t...e.x.e.6.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.o.d.e. .L.a.b.o.r.a.t.o.r.i.e.s.\.C.L.-.E.y.e. .D.r.i.v.e.r.........*................@Z|...
                                  C:\Users\user\AppData\Local\Temp\nse9D07.tmp
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):6634293
                                  Entropy (8bit):7.753876996224475
                                  Encrypted:false
                                  SSDEEP:98304:cs45Z2ans8GVoLd+GnNBc/lw+FtN0A0AZ4lBkCOXyojkzBAw7uilzp83:cso2ansBGdPnvctdF4FECEpw7uilV83
                                  MD5:3BB1C2853FA55BE957467095BFC668D7
                                  SHA1:B2509FD4C7A6F0319734097779F6FC0A1DC70DCB
                                  SHA-256:335273AFFB412BE896477C16F70B0FF1D68A595B40A89E318DA80E9BD625D152
                                  SHA-512:C3A12399473ABCF6802EECD16BF8E58B196EF4F0F3F303229868D0DA9D1608191D38FBF987F9B140FCF525E967AFE8EABEDE391EEE73C3046882DDE50EEC6B11
                                  Malicious:false
                                  Preview: .U......,.......l...............Xr......PT......vU..........................3...........................&.......................k...............................................................................................................................................................%...............................................................................f.......................B.......................D...............j.......................B.......................................................................................................................c.......B.......................................u.......................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nst827A.tmp
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):6634293
                                  Entropy (8bit):7.753876996224475
                                  Encrypted:false
                                  SSDEEP:98304:cs45Z2ans8GVoLd+GnNBc/lw+FtN0A0AZ4lBkCOXyojkzBAw7uilzp83:cso2ansBGdPnvctdF4FECEpw7uilV83
                                  MD5:3BB1C2853FA55BE957467095BFC668D7
                                  SHA1:B2509FD4C7A6F0319734097779F6FC0A1DC70DCB
                                  SHA-256:335273AFFB412BE896477C16F70B0FF1D68A595B40A89E318DA80E9BD625D152
                                  SHA-512:C3A12399473ABCF6802EECD16BF8E58B196EF4F0F3F303229868D0DA9D1608191D38FBF987F9B140FCF525E967AFE8EABEDE391EEE73C3046882DDE50EEC6B11
                                  Malicious:false
                                  Preview: .U......,.......l...............Xr......PT......vU..........................3...........................&.......................k...............................................................................................................................................................%...............................................................................f.......................B.......................D...............j.......................B.......................................................................................................................c.......B.......................................u.......................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):65024
                                  Entropy (8bit):5.759521527165683
                                  Encrypted:false
                                  SSDEEP:1536:qnOUkO0UXRiKvbVAc5xt3xGnmdYw+WXsA9iYzvy:OOUu3KvbVtxtBGnmdt+WXso
                                  MD5:1444BCFEFF029BB1E9B1CA3B896CD143
                                  SHA1:A002C0995AEF87A0B523C69073B0B10EF850ACAA
                                  SHA-256:781F4ECA34D7EA200EC534F556AE0D39A89E0E38D909899166A6E910B57E2CBD
                                  SHA-512:2BD309DC6605A0ED714C21E9C0BBE9A973E7D4F078E9944EC1E2CC273C98B400A76B94BEAA8389D000EEE3FF982B4A1B9A4E6E5FD21FAE84DE622951B15FAEBC
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=[.eS..eS..eS......eS......eS......eS..eR..eS......eS...-..eS......eS......eS.Rich.eS.................PE..L.....pK.....................................................................@.......K....@...... ......................................xW...................0..........................................@............................................text...f........................... ..`.data....(..........................@....rsrc...xW.......X..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nst827B.tmp\CodeLabs.cer
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):1399
                                  Entropy (8bit):7.134722692336902
                                  Encrypted:false
                                  SSDEEP:24:zKNQ3IaffyrW11B+iIrWGwBB1IW7IXGL3ishvrRgjDiuVz0mkh1BId0WE9EDpq6b:zKQDffr1yibBDrIWb2DiuVxkhbId0juB
                                  MD5:972B62B8C7088AF29C364514E6582F0B
                                  SHA1:97B8DB93E99E6D5D8F6424143BE1F8F96D0F4FA7
                                  SHA-256:7D535AD3E333875076288791BBCE84FD7DB67624940B2639418EB40BF39CE465
                                  SHA-512:F0E54B5EAB3D67902B823C879CF73DB95372AE222F60885597C43BA93BE81852008C88CC20DE1FB96A93B86E219025191D670EC373E4FE256071BD3AE7D175CD
                                  Malicious:false
                                  Preview: 0..s0..[.......6!a]]..SX..x.A..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://www.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...121202000000Z..140101235959Z0..1.0...U....US1.0...U....Nevada1.0...U....Henderson1 0...U....Code Laboratories, Inc.1>0<..U...5Digital ID Class 3 - Microsoft Software Validation v21 0...U....Code Laboratories, Inc.0.."0...*.H.............0.........KV.....B.3..Bm%<k\..(..A.r.Gs|x`..E..........._.:..B....]4.m.....7.e8.J.G.{..K.~?.mN...+m.F....u.....{ ...~v......BsN....X..3...^|.......... .....G..A.DU%....N.nt.$4..-K`!.y...p..C.....,.(........4..9gGx.S..eSzB..S.<.V.rB.'.}jN.o1.3Z.hd.e...=........{0..w0...U....0.0...U...........0@..U...90705.3.1./http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D..U. .=0;09..`.H...E....0*0(..+.........https://www.verisign.com/rpa0...U.%..0...+.......0q..+........e0c0$..+.....0...http://ocsp.verisign.com0;..+.....0../
                                  C:\Users\user\AppData\Local\Temp\nst827B.tmp\System.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):11264
                                  Entropy (8bit):5.568877095847681
                                  Encrypted:false
                                  SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                  MD5:C17103AE9072A06DA581DEC998343FC1
                                  SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                  SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                  SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L......K...........!................0).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...1........................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nst827B.tmp\modern-header.bmp
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24
                                  Category:dropped
                                  Size (bytes):25818
                                  Entropy (8bit):6.701980959072744
                                  Encrypted:false
                                  SSDEEP:192:FChlOL8ZsdkLsnDIIaX1kE5xl4LLXhLZhQXkgmyWv5TGXjzCMb9pK0yzu5OY68Z7:FqOHUu5ktJU37c
                                  MD5:BF0CAC9A510A5C7C674734F70CC78EED
                                  SHA1:3315DE8307BE3D0B02D1C939DAEEA71256B045B5
                                  SHA-256:EA407BA58AB565DA56864C02BE188D42F4C35E1124AF85AC668601C7D9FE885C
                                  SHA-512:2180DE9FC2C0CE2301CD10F5B522E42B2DB57894D597EC7F8F48EAA9146C722144C21481F34E4DA1060197C21B25B50FE4732E42A542259CB8D41B4E34F62B08
                                  Malicious:false
                                  Preview: BM.d......6...(.......9............d..a...a............sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.tI.uJ.vL.wM.wM.xN.yO.zP.|R.}V.~W..X..Z..[..] ._#.`%.b&.d*.f..i/.j2.k4.m9.p:.r>.tA.vC.xG.zI.|M.~Q..T..X..Y..].._..c..g..l..m..p..u..x..{........................................................................................................................................................R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..S..S..U..V..W..X..Y..Z..]..^.._..`..a..c..e!.g".h%.k'.m*.n-.p/.r3.t6.u8.w<.y=.zA.}D..G..J..N..P..T..W..Z..^..^..b..g..k..n..p..t..w..|....................................................................................................................................................X..X..X..X..X..X..X..X..X..X..X..X..X..X
                                  C:\Users\user\AppData\Local\Temp\nst827B.tmp\modern-wizard.bmp
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24
                                  Category:dropped
                                  Size (bytes):309084
                                  Entropy (8bit):4.701330546427498
                                  Encrypted:false
                                  SSDEEP:768:7PP4Cu6o3BJeg3m4IBzaGhVmF3mIpVR2VoGEwUNg6KKIrs+ysufmhAGU/oZIy8ZQ:mKr
                                  MD5:2770EC787024E58D3252ED61638447F4
                                  SHA1:15CF54FEE8CA8C0B176AED93A6F0F3F690B8B217
                                  SHA-256:966167235AF724AF525EB5B2545DCBB734A1AF26CFAA2CD77ABB080764362EC6
                                  SHA-512:5E04B7DC798BE73B9A2457BDC1E672828AC41C2D5299BFC1198F4E579B763E367577E1A35F64740634F276E3CE2ECF65430191B84EE810BCF6FCC41BC9BB502E
                                  Malicious:false
                                  Preview: BM.[......6...(.......:...........x[....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nst827B.tmp\nsDialogs.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):9728
                                  Entropy (8bit):5.054726426952
                                  Encrypted:false
                                  SSDEEP:96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
                                  MD5:C10E04DD4AD4277D5ADC951BB331C777
                                  SHA1:B1E30808198A3AE6D6D1CCA62DF8893DC2A7AD43
                                  SHA-256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
                                  SHA-512:853A5564BF751D40484EA482444C6958457CB4A17FB973CF870F03F201B8B2643BE41BCCDE00F6B2026DC0C3D113E6481B0DC4C7B0F3AE7966D38C92C6B5862E
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.cXN`0XN`0XN`0XNa0mN`0.A=0UN`0.mP0]N`0.Hf0YN`0.nd0YN`0RichXN`0........................PE..L......K...........!......... ...............0.......................................................................6..k....0.......`.......................p.......................................................0...............................text...G........................... ..`.rdata..k....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..<....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nst827B.tmp\nsExec.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):6656
                                  Entropy (8bit):5.036651327230889
                                  Encrypted:false
                                  SSDEEP:96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
                                  MD5:ACC2B699EDFEA5BF5AAE45ABA3A41E96
                                  SHA1:D2ACCF4D494E43CEB2CFF69ABE4DD17147D29CC2
                                  SHA-256:168A974EAA3F588D759DB3F47C1A9FDC3494BA1FA1A73A84E5E3B2A4D58ABD7E
                                  SHA-512:E29EA10ADA98C71A18273B04F44F385B120D4E8473E441CE5748CFA44A23648814F2656F429B85440157988C88DE776C6AC008DC38BF09CBB746C230A46C69FE
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: Metadefender, Detection: 0%, Browse
                                  • Antivirus: ReversingLabs, Detection: 0%
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........PE..L......K...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text...H........................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):145920
                                  Entropy (8bit):6.195003438017005
                                  Encrypted:false
                                  SSDEEP:3072:pDsy3Iz27vf6Uz4wtApVzVH8csZm5Z4GFQeLn04gQAL/iha8n:pDsy3K2jfewtApTH9sc5Z70n
                                  MD5:D0047E39B0DFD11EC2A50E2A45C2D9BE
                                  SHA1:7DD0C7C4689AA4C70E3FFAD86C2336D0785283B3
                                  SHA-256:5957F8A0BEA130C6C4D91AF8C5D6879943DC76FAF1EBB50A70E3BD285FC8D86E
                                  SHA-512:4807E11CDFF1F5FE78B7172CC0170DE51FA97997F0096EF44E1C6D159DF7E933889E64A368055CAC5C57F5297478F1A035E0402818CCF33C540503F36305A64C
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!0.Oc.Oc.OcOm1c.Oc.o2c.Oc.4"c.Oc.44c.Oc.Nc..Oc.o"cX.Oc.o!c.Oc.o3c.Oc.o7c.OcRich.Oc................PE..d.....|L..........#......t.....................@................................................................................................<............`..h....................................................................... ............................text....r.......t.................. ..`.rdata..Z............x..............@..@.data...$=... ......................@....pdata..h....`......................@..@.rsrc................6..............@..@........................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz8F4C.tmp
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):6634293
                                  Entropy (8bit):7.753876996224475
                                  Encrypted:false
                                  SSDEEP:98304:cs45Z2ans8GVoLd+GnNBc/lw+FtN0A0AZ4lBkCOXyojkzBAw7uilzp83:cso2ansBGdPnvctdF4FECEpw7uilV83
                                  MD5:3BB1C2853FA55BE957467095BFC668D7
                                  SHA1:B2509FD4C7A6F0319734097779F6FC0A1DC70DCB
                                  SHA-256:335273AFFB412BE896477C16F70B0FF1D68A595B40A89E318DA80E9BD625D152
                                  SHA-512:C3A12399473ABCF6802EECD16BF8E58B196EF4F0F3F303229868D0DA9D1608191D38FBF987F9B140FCF525E967AFE8EABEDE391EEE73C3046882DDE50EEC6B11
                                  Malicious:false
                                  Preview: .U......,.......l...............Xr......PT......vU..........................3...........................&.......................k...............................................................................................................................................................%...............................................................................f.......................B.......................D...............j.......................B.......................................................................................................................c.......B.......................................u.......................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CLEyeCleaner.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):83224
                                  Entropy (8bit):6.351363917092339
                                  Encrypted:false
                                  SSDEEP:1536:3d4bBq3zLknOF403QN8OomqMDBsgsDPmkpyU598o76mmj8:3d4bBczAnOVxmTZsDPvL38o76N8
                                  MD5:CC59B63DFCC157DD8B964DCD2DBCE1E5
                                  SHA1:18B387086F3B18A93DA1358D8AD3D8E2F3E226CD
                                  SHA-256:B6CD1D3CF1C570888ABA3EB54A51352FDE7FC8E0DFE0E92C6E2B89F7F9ACB7FF
                                  SHA-512:BDA7C0FF5A95EE9E0764B2DD11B100EBC7D4C0477A22CC711CC6181C2D9C5F39D56E6C15EB99AF6EC90A6B43CDAAD62C9FBD0A1D1DFE1F1D03F56A1C12D52349
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E...+...+...+.hVU...+......+......+......+......+...*..+.......+.......+.......+.Rich..+.........PE..L....k.P...........!.........~.......4.......................................p......k.....@.............................I...d...P....................(.......P..........................................@............................................text...t........................... ..`.rdata...7.......8..................@..@.data....-... ......................@....reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):65024
                                  Entropy (8bit):5.759521527165683
                                  Encrypted:false
                                  SSDEEP:1536:qnOUkO0UXRiKvbVAc5xt3xGnmdYw+WXsA9iYzvy:OOUu3KvbVtxtBGnmdt+WXso
                                  MD5:1444BCFEFF029BB1E9B1CA3B896CD143
                                  SHA1:A002C0995AEF87A0B523C69073B0B10EF850ACAA
                                  SHA-256:781F4ECA34D7EA200EC534F556AE0D39A89E0E38D909899166A6E910B57E2CBD
                                  SHA-512:2BD309DC6605A0ED714C21E9C0BBE9A973E7D4F078E9944EC1E2CC273C98B400A76B94BEAA8389D000EEE3FF982B4A1B9A4E6E5FD21FAE84DE622951B15FAEBC
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=[.eS..eS..eS......eS......eS......eS..eR..eS......eS...-..eS......eS......eS.Rich.eS.................PE..L.....pK.....................................................................@.......K....@...... ......................................xW...................0..........................................@............................................text...f........................... ..`.data....(..........................@....rsrc...xW.......X..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CodeLabs.cer
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):1399
                                  Entropy (8bit):7.134722692336902
                                  Encrypted:false
                                  SSDEEP:24:zKNQ3IaffyrW11B+iIrWGwBB1IW7IXGL3ishvrRgjDiuVz0mkh1BId0WE9EDpq6b:zKQDffr1yibBDrIWb2DiuVxkhbId0juB
                                  MD5:972B62B8C7088AF29C364514E6582F0B
                                  SHA1:97B8DB93E99E6D5D8F6424143BE1F8F96D0F4FA7
                                  SHA-256:7D535AD3E333875076288791BBCE84FD7DB67624940B2639418EB40BF39CE465
                                  SHA-512:F0E54B5EAB3D67902B823C879CF73DB95372AE222F60885597C43BA93BE81852008C88CC20DE1FB96A93B86E219025191D670EC373E4FE256071BD3AE7D175CD
                                  Malicious:false
                                  Preview: 0..s0..[.......6!a]]..SX..x.A..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://www.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...121202000000Z..140101235959Z0..1.0...U....US1.0...U....Nevada1.0...U....Henderson1 0...U....Code Laboratories, Inc.1>0<..U...5Digital ID Class 3 - Microsoft Software Validation v21 0...U....Code Laboratories, Inc.0.."0...*.H.............0.........KV.....B.3..Bm%<k\..(..A.r.Gs|x`..E..........._.:..B....]4.m.....7.e8.J.G.{..K.~?.mN...+m.F....u.....{ ...~v......BsN....X..3...^|.......... .....G..A.DU%....N.nt.$4..-K`!.y...p..C.....,.(........4..9gGx.S..eSzB..S.<.V.rB.'.}jN.o1.3Z.hd.e...=........{0..w0...U....0.0...U...........0@..U...90705.3.1./http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D..U. .=0;09..`.H...E....0*0(..+.........https://www.verisign.com/rpa0...U.%..0...+.......0q..+........e0c0$..+.....0...http://ocsp.verisign.com0;..+.....0../
                                  C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\System.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):11264
                                  Entropy (8bit):5.568877095847681
                                  Encrypted:false
                                  SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                  MD5:C17103AE9072A06DA581DEC998343FC1
                                  SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                  SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                  SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L......K...........!................0).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...1........................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\modern-header.bmp
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24
                                  Category:dropped
                                  Size (bytes):25818
                                  Entropy (8bit):6.701980959072744
                                  Encrypted:false
                                  SSDEEP:192:FChlOL8ZsdkLsnDIIaX1kE5xl4LLXhLZhQXkgmyWv5TGXjzCMb9pK0yzu5OY68Z7:FqOHUu5ktJU37c
                                  MD5:BF0CAC9A510A5C7C674734F70CC78EED
                                  SHA1:3315DE8307BE3D0B02D1C939DAEEA71256B045B5
                                  SHA-256:EA407BA58AB565DA56864C02BE188D42F4C35E1124AF85AC668601C7D9FE885C
                                  SHA-512:2180DE9FC2C0CE2301CD10F5B522E42B2DB57894D597EC7F8F48EAA9146C722144C21481F34E4DA1060197C21B25B50FE4732E42A542259CB8D41B4E34F62B08
                                  Malicious:false
                                  Preview: BM.d......6...(.......9............d..a...a............sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.tI.uJ.vL.wM.wM.xN.yO.zP.|R.}V.~W..X..Z..[..] ._#.`%.b&.d*.f..i/.j2.k4.m9.p:.r>.tA.vC.xG.zI.|M.~Q..T..X..Y..].._..c..g..l..m..p..u..x..{........................................................................................................................................................R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..S..S..U..V..W..X..Y..Z..]..^.._..`..a..c..e!.g".h%.k'.m*.n-.p/.r3.t6.u8.w<.y=.zA.}D..G..J..N..P..T..W..Z..^..^..b..g..k..n..p..t..w..|....................................................................................................................................................X..X..X..X..X..X..X..X..X..X..X..X..X..X
                                  C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\modern-wizard.bmp
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24
                                  Category:dropped
                                  Size (bytes):309084
                                  Entropy (8bit):4.701330546427498
                                  Encrypted:false
                                  SSDEEP:768:7PP4Cu6o3BJeg3m4IBzaGhVmF3mIpVR2VoGEwUNg6KKIrs+ysufmhAGU/oZIy8ZQ:mKr
                                  MD5:2770EC787024E58D3252ED61638447F4
                                  SHA1:15CF54FEE8CA8C0B176AED93A6F0F3F690B8B217
                                  SHA-256:966167235AF724AF525EB5B2545DCBB734A1AF26CFAA2CD77ABB080764362EC6
                                  SHA-512:5E04B7DC798BE73B9A2457BDC1E672828AC41C2D5299BFC1198F4E579B763E367577E1A35F64740634F276E3CE2ECF65430191B84EE810BCF6FCC41BC9BB502E
                                  Malicious:false
                                  Preview: BM.[......6...(.......:...........x[....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\nsDialogs.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):9728
                                  Entropy (8bit):5.054726426952
                                  Encrypted:false
                                  SSDEEP:96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
                                  MD5:C10E04DD4AD4277D5ADC951BB331C777
                                  SHA1:B1E30808198A3AE6D6D1CCA62DF8893DC2A7AD43
                                  SHA-256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
                                  SHA-512:853A5564BF751D40484EA482444C6958457CB4A17FB973CF870F03F201B8B2643BE41BCCDE00F6B2026DC0C3D113E6481B0DC4C7B0F3AE7966D38C92C6B5862E
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.cXN`0XN`0XN`0XNa0mN`0.A=0UN`0.mP0]N`0.Hf0YN`0.nd0YN`0RichXN`0........................PE..L......K...........!......... ...............0.......................................................................6..k....0.......`.......................p.......................................................0...............................text...G........................... ..`.rdata..k....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..<....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\nsExec.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):6656
                                  Entropy (8bit):5.036651327230889
                                  Encrypted:false
                                  SSDEEP:96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
                                  MD5:ACC2B699EDFEA5BF5AAE45ABA3A41E96
                                  SHA1:D2ACCF4D494E43CEB2CFF69ABE4DD17147D29CC2
                                  SHA-256:168A974EAA3F588D759DB3F47C1A9FDC3494BA1FA1A73A84E5E3B2A4D58ABD7E
                                  SHA-512:E29EA10ADA98C71A18273B04F44F385B120D4E8473E441CE5748CFA44A23648814F2656F429B85440157988C88DE776C6AC008DC38BF09CBB746C230A46C69FE
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........PE..L......K...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text...H........................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):145920
                                  Entropy (8bit):6.195003438017005
                                  Encrypted:false
                                  SSDEEP:3072:pDsy3Iz27vf6Uz4wtApVzVH8csZm5Z4GFQeLn04gQAL/iha8n:pDsy3K2jfewtApTH9sc5Z70n
                                  MD5:D0047E39B0DFD11EC2A50E2A45C2D9BE
                                  SHA1:7DD0C7C4689AA4C70E3FFAD86C2336D0785283B3
                                  SHA-256:5957F8A0BEA130C6C4D91AF8C5D6879943DC76FAF1EBB50A70E3BD285FC8D86E
                                  SHA-512:4807E11CDFF1F5FE78B7172CC0170DE51FA97997F0096EF44E1C6D159DF7E933889E64A368055CAC5C57F5297478F1A035E0402818CCF33C540503F36305A64C
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!0.Oc.Oc.OcOm1c.Oc.o2c.Oc.4"c.Oc.44c.Oc.Nc..Oc.o"cX.Oc.o!c.Oc.o3c.Oc.o7c.OcRich.Oc................PE..d.....|L..........#......t.....................@................................................................................................<............`..h....................................................................... ............................text....r.......t.................. ..`.rdata..Z............x..............@..@.data...$=... ......................@....pdata..h....`......................@..@.rsrc................6..............@..@........................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CLEyeCleaner.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):83224
                                  Entropy (8bit):6.351363917092339
                                  Encrypted:false
                                  SSDEEP:1536:3d4bBq3zLknOF403QN8OomqMDBsgsDPmkpyU598o76mmj8:3d4bBczAnOVxmTZsDPvL38o76N8
                                  MD5:CC59B63DFCC157DD8B964DCD2DBCE1E5
                                  SHA1:18B387086F3B18A93DA1358D8AD3D8E2F3E226CD
                                  SHA-256:B6CD1D3CF1C570888ABA3EB54A51352FDE7FC8E0DFE0E92C6E2B89F7F9ACB7FF
                                  SHA-512:BDA7C0FF5A95EE9E0764B2DD11B100EBC7D4C0477A22CC711CC6181C2D9C5F39D56E6C15EB99AF6EC90A6B43CDAAD62C9FBD0A1D1DFE1F1D03F56A1C12D52349
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........E...+...+...+.hVU...+......+......+......+......+...*..+.......+.......+.......+.Rich..+.........PE..L....k.P...........!.........~.......4.......................................p......k.....@.............................I...d...P....................(.......P..........................................@............................................text...t........................... ..`.rdata...7.......8..................@..@.data....-... ......................@....reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):65024
                                  Entropy (8bit):5.759521527165683
                                  Encrypted:false
                                  SSDEEP:1536:qnOUkO0UXRiKvbVAc5xt3xGnmdYw+WXsA9iYzvy:OOUu3KvbVtxtBGnmdt+WXso
                                  MD5:1444BCFEFF029BB1E9B1CA3B896CD143
                                  SHA1:A002C0995AEF87A0B523C69073B0B10EF850ACAA
                                  SHA-256:781F4ECA34D7EA200EC534F556AE0D39A89E0E38D909899166A6E910B57E2CBD
                                  SHA-512:2BD309DC6605A0ED714C21E9C0BBE9A973E7D4F078E9944EC1E2CC273C98B400A76B94BEAA8389D000EEE3FF982B4A1B9A4E6E5FD21FAE84DE622951B15FAEBC
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........=[.eS..eS..eS......eS......eS......eS..eR..eS......eS...-..eS......eS......eS.Rich.eS.................PE..L.....pK.....................................................................@.......K....@...... ......................................xW...................0..........................................@............................................text...f........................... ..`.data....(..........................@....rsrc...xW.......X..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CodeLabs.cer
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):1399
                                  Entropy (8bit):7.134722692336902
                                  Encrypted:false
                                  SSDEEP:24:zKNQ3IaffyrW11B+iIrWGwBB1IW7IXGL3ishvrRgjDiuVz0mkh1BId0WE9EDpq6b:zKQDffr1yibBDrIWb2DiuVxkhbId0juB
                                  MD5:972B62B8C7088AF29C364514E6582F0B
                                  SHA1:97B8DB93E99E6D5D8F6424143BE1F8F96D0F4FA7
                                  SHA-256:7D535AD3E333875076288791BBCE84FD7DB67624940B2639418EB40BF39CE465
                                  SHA-512:F0E54B5EAB3D67902B823C879CF73DB95372AE222F60885597C43BA93BE81852008C88CC20DE1FB96A93B86E219025191D670EC373E4FE256071BD3AE7D175CD
                                  Malicious:false
                                  Preview: 0..s0..[.......6!a]]..SX..x.A..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at https://www.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Signing 2010 CA0...121202000000Z..140101235959Z0..1.0...U....US1.0...U....Nevada1.0...U....Henderson1 0...U....Code Laboratories, Inc.1>0<..U...5Digital ID Class 3 - Microsoft Software Validation v21 0...U....Code Laboratories, Inc.0.."0...*.H.............0.........KV.....B.3..Bm%<k\..(..A.r.Gs|x`..E..........._.:..B....]4.m.....7.e8.J.G.{..K.~?.mN...+m.F....u.....{ ...~v......BsN....X..3...^|.......... .....G..A.DU%....N.nt.$4..-K`!.y...p..C.....,.(........4..9gGx.S..eSzB..S.<.V.rB.'.}jN.o1.3Z.hd.e...=........{0..w0...U....0.0...U...........0@..U...90705.3.1./http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D..U. .=0;09..`.H...E....0*0(..+.........https://www.verisign.com/rpa0...U.%..0...+.......0q..+........e0c0$..+.....0...http://ocsp.verisign.com0;..+.....0../
                                  C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\System.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):11264
                                  Entropy (8bit):5.568877095847681
                                  Encrypted:false
                                  SSDEEP:192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
                                  MD5:C17103AE9072A06DA581DEC998343FC1
                                  SHA1:B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D
                                  SHA-256:DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F
                                  SHA-512:D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j....l.9..i....l.Richm.........................PE..L......K...........!................0).......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...1........................... ..`.rdata.......0......."..............@..@.data...d....@.......&..............@....reloc.......P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\modern-header.bmp
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24
                                  Category:dropped
                                  Size (bytes):25818
                                  Entropy (8bit):6.701980959072744
                                  Encrypted:false
                                  SSDEEP:192:FChlOL8ZsdkLsnDIIaX1kE5xl4LLXhLZhQXkgmyWv5TGXjzCMb9pK0yzu5OY68Z7:FqOHUu5ktJU37c
                                  MD5:BF0CAC9A510A5C7C674734F70CC78EED
                                  SHA1:3315DE8307BE3D0B02D1C939DAEEA71256B045B5
                                  SHA-256:EA407BA58AB565DA56864C02BE188D42F4C35E1124AF85AC668601C7D9FE885C
                                  SHA-512:2180DE9FC2C0CE2301CD10F5B522E42B2DB57894D597EC7F8F48EAA9146C722144C21481F34E4DA1060197C21B25B50FE4732E42A542259CB8D41B4E34F62B08
                                  Malicious:false
                                  Preview: BM.d......6...(.......9............d..a...a............sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.sH.tI.uJ.vL.wM.wM.xN.yO.zP.|R.}V.~W..X..Z..[..] ._#.`%.b&.d*.f..i/.j2.k4.m9.p:.r>.tA.vC.xG.zI.|M.~Q..T..X..Y..].._..c..g..l..m..p..u..x..{........................................................................................................................................................R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..R..S..S..U..V..W..X..Y..Z..]..^.._..`..a..c..e!.g".h%.k'.m*.n-.p/.r3.t6.u8.w<.y=.zA.}D..G..J..N..P..T..W..Z..^..^..b..g..k..n..p..t..w..|....................................................................................................................................................X..X..X..X..X..X..X..X..X..X..X..X..X..X
                                  C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\modern-wizard.bmp
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24
                                  Category:dropped
                                  Size (bytes):309084
                                  Entropy (8bit):4.701330546427498
                                  Encrypted:false
                                  SSDEEP:768:7PP4Cu6o3BJeg3m4IBzaGhVmF3mIpVR2VoGEwUNg6KKIrs+ysufmhAGU/oZIy8ZQ:mKr
                                  MD5:2770EC787024E58D3252ED61638447F4
                                  SHA1:15CF54FEE8CA8C0B176AED93A6F0F3F690B8B217
                                  SHA-256:966167235AF724AF525EB5B2545DCBB734A1AF26CFAA2CD77ABB080764362EC6
                                  SHA-512:5E04B7DC798BE73B9A2457BDC1E672828AC41C2D5299BFC1198F4E579B763E367577E1A35F64740634F276E3CE2ECF65430191B84EE810BCF6FCC41BC9BB502E
                                  Malicious:false
                                  Preview: BM.[......6...(.......:...........x[....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\nsDialogs.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):9728
                                  Entropy (8bit):5.054726426952
                                  Encrypted:false
                                  SSDEEP:96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420
                                  MD5:C10E04DD4AD4277D5ADC951BB331C777
                                  SHA1:B1E30808198A3AE6D6D1CCA62DF8893DC2A7AD43
                                  SHA-256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
                                  SHA-512:853A5564BF751D40484EA482444C6958457CB4A17FB973CF870F03F201B8B2643BE41BCCDE00F6B2026DC0C3D113E6481B0DC4C7B0F3AE7966D38C92C6B5862E
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......../.cXN`0XN`0XN`0XNa0mN`0.A=0UN`0.mP0]N`0.Hf0YN`0.nd0YN`0RichXN`0........................PE..L......K...........!......... ...............0.......................................................................6..k....0.......`.......................p.......................................................0...............................text...G........................... ..`.rdata..k....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..<....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\nsExec.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):6656
                                  Entropy (8bit):5.036651327230889
                                  Encrypted:false
                                  SSDEEP:96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX
                                  MD5:ACC2B699EDFEA5BF5AAE45ABA3A41E96
                                  SHA1:D2ACCF4D494E43CEB2CFF69ABE4DD17147D29CC2
                                  SHA-256:168A974EAA3F588D759DB3F47C1A9FDC3494BA1FA1A73A84E5E3B2A4D58ABD7E
                                  SHA-512:E29EA10ADA98C71A18273B04F44F385B120D4E8473E441CE5748CFA44A23648814F2656F429B85440157988C88DE776C6AC008DC38BF09CBB746C230A46C69FE
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................,.................Rich...........PE..L......K...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text...H........................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):145920
                                  Entropy (8bit):6.195003438017005
                                  Encrypted:false
                                  SSDEEP:3072:pDsy3Iz27vf6Uz4wtApVzVH8csZm5Z4GFQeLn04gQAL/iha8n:pDsy3K2jfewtApTH9sc5Z70n
                                  MD5:D0047E39B0DFD11EC2A50E2A45C2D9BE
                                  SHA1:7DD0C7C4689AA4C70E3FFAD86C2336D0785283B3
                                  SHA-256:5957F8A0BEA130C6C4D91AF8C5D6879943DC76FAF1EBB50A70E3BD285FC8D86E
                                  SHA-512:4807E11CDFF1F5FE78B7172CC0170DE51FA97997F0096EF44E1C6D159DF7E933889E64A368055CAC5C57F5297478F1A035E0402818CCF33C540503F36305A64C
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........!0.Oc.Oc.OcOm1c.Oc.o2c.Oc.4"c.Oc.44c.Oc.Nc..Oc.o"cX.Oc.o!c.Oc.o3c.Oc.o7c.OcRich.Oc................PE..d.....|L..........#......t.....................@................................................................................................<............`..h....................................................................... ............................text....r.......t.................. ..`.rdata..Z............x..............@..@.data...$=... ......................@....pdata..h....`......................@..@.rsrc................6..............@..@........................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\SET2E88.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):9121
                                  Entropy (8bit):7.154218995176762
                                  Encrypted:false
                                  SSDEEP:192:Tt+quC09Qw335/wJirNmL/TSrR1DHC+v+pSXjtlAur9ZCspE+TMcrZQvM:YP3mirILTaTICUHeMcQE
                                  MD5:2B1EF3BE14DB406855E7EF58A725FFE0
                                  SHA1:7498D416AD02288CE86696CA1633E750FD8A2C7F
                                  SHA-256:D70910EB2D223F843328443A18B79B50A71470B40F0A19B7C422F062322CD562
                                  SHA-512:1633ED6842962A135F5750A2C2AAF48D2C5FCB6EBD44C84514425546BDF0AFC1F2F8FD2290AA8EDD57F9F5E642EDB481278FBD3A7ED16DC3684699F13D885F14
                                  Malicious:false
                                  Preview: 0.#...*.H........#.0.#....1.0...+......0.....+.....7......0...0...+.....7.....4b7#.}.C..SDE.=...121206095708Z0...+.....7.....0...0....R0.5.6.3.9.9.F.A.A.C.B.9.F.C.4.9.F.3.C.F.7.8.B.F.C.3.D.9.F.2.F.4.6.3.E.5.0.1.2.E...1...0R..+.....7...1D0B...F.i.l.e.......0w.d.f.c.o.i.n.s.t.a.l.l.e.r.0.1.0.0.9...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........c.....I..x.....c...0....R7.A.5.6.F.9.7.8.C.E.9.F.6.6.F.F.9.F.E.7.C.3.9.9.1.5.5.D.9.C.1.6.F.0.3.0.9.B.2.F...1..q0D..+.....7...1604...F.i.l.e......."p.s.3.e.y.e.c.a.m.e.r.a...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........zV.x.f.....]...0./0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.D.E.
                                  C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\SET2EB8.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe
                                  File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2621
                                  Entropy (8bit):5.399183015547126
                                  Encrypted:false
                                  SSDEEP:48:nq14WON4iA4W5gcgg1SVtJDNru9Qjd7U/CSHeokbKmd+N1+J1HEe+ofePCQGNtWX:n63ON4iA4W3zqIQZ7UzyH1fmCjb+
                                  MD5:60BB6D15F8989D61064565C5E7B7E7BB
                                  SHA1:7A56F978CE9F66FF9FE7C399155D9C16F0309B2F
                                  SHA-256:3D75843CF756E744177C3C5B31B9100D2C18C9FE8A7B6D0CF62FFEE9B5F53788
                                  SHA-512:74E9A3AB0507272D5DFA928C870BD3D0DAC23C32CFB8C95149819AEFE4F033CCA54BD9BB27C988004F83758689E88521D0BD3421FE6F206A6AA138A6A19A516D
                                  Malicious:false
                                  Preview: ; =====================================================================..; PS3Eye Driver for Windows XP/2003/Vista/Win7/Win8 x86/x64..; PS3EyeCamera.inf..; Driver installation file for the Sony PS3Eye camera..; Copyright (c) 2008-2012 Code Laboratories, Inc. All Rights Reserved...; =====================================================================..[Version]..Signature = "$Windows NT$"..Class = Image..ClassGuid = {6bdd1fc6-810f-11d0-bec7-08002be2092f}..Provider = %ProviderName%..DriverVer = 12/06/2012, 5.3.0.0341..CatalogFile.ntx86.= PS3EyeCamera.cat..CatalogFile.ntamd64 = PS3EyeCamera.cat....; ========== Manufacturer/Models sections ===========..[Manufacturer]..%Manufacturer% = Sony, NTx86, NTamd64....[Sony.NTx86]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[Sony.NTamd64]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[PS3EyeInstall]..Include = winusb.inf..Needs = WINUSB.NT..AddProperty = DeviceProperties....[DeviceProperties]..Dev
                                  C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\SET2EB9.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1721576
                                  Entropy (8bit):7.978334410477683
                                  Encrypted:false
                                  SSDEEP:24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
                                  MD5:4DA5DA193E0E4F86F6F8FD43EF25329A
                                  SHA1:68A44D37FF535A2C454F2440E1429833A1C6D810
                                  SHA-256:18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
                                  SHA-512:B3D73ED5E45D6F2908B2F3086390DD28C1631E298756CEE9BDF26B185F0B77D1B8C03AD55E0495DBA982C5BED4A03337B130C76F7112F3E19821127D2CF36853
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t.v...%...%...%.m+%...%.m:%...%...% ..%.m-%...%.m=%...%.m,%...%.m7%...%...%...%.m*%...%.m/%...%Rich...%........................PE..d.....[J.........." .........0............................................................@.........................................`................p..l!...`..,....,...............................................................................................text...L........................... ..`.data....J..........................@....pdata..,....`......................@..@.rsrc...l!...p..."..................@..@.reloc...............*..............@..B........................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\SET2EE9.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1002728
                                  Entropy (8bit):7.9188668904013815
                                  Encrypted:false
                                  SSDEEP:24576:aAEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjp:uBXQz/hPzxRwPdcO
                                  MD5:246900CE6474718730ECD4F873234CF5
                                  SHA1:0C84B56C82E4624824154D27926DED1C45F4B331
                                  SHA-256:981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6
                                  SHA-512:6A9E305BFBFB57D8F8FD16EDABEF9291A8A97E4B9C2AE90622F6C056E518A0A731FBB3E33A2591D87C8E4293D0F983EC515E6A241792962257B82401A8811D5C
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............8............>....../.-....(.T....9......!......?......:....Rich...........PE..d.....[J.........." ................ {....................................................@.........................................@.......8...P....p.......`.......4..................................................................(............................text............................... ..`.data....:... ......................@....pdata.......`....... ..............@..@.rsrc........p.......*..............@..@.reloc..D............0..............@..B................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\SET335B.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):9121
                                  Entropy (8bit):7.154218995176762
                                  Encrypted:false
                                  SSDEEP:192:Tt+quC09Qw335/wJirNmL/TSrR1DHC+v+pSXjtlAur9ZCspE+TMcrZQvM:YP3mirILTaTICUHeMcQE
                                  MD5:2B1EF3BE14DB406855E7EF58A725FFE0
                                  SHA1:7498D416AD02288CE86696CA1633E750FD8A2C7F
                                  SHA-256:D70910EB2D223F843328443A18B79B50A71470B40F0A19B7C422F062322CD562
                                  SHA-512:1633ED6842962A135F5750A2C2AAF48D2C5FCB6EBD44C84514425546BDF0AFC1F2F8FD2290AA8EDD57F9F5E642EDB481278FBD3A7ED16DC3684699F13D885F14
                                  Malicious:false
                                  Preview: 0.#...*.H........#.0.#....1.0...+......0.....+.....7......0...0...+.....7.....4b7#.}.C..SDE.=...121206095708Z0...+.....7.....0...0....R0.5.6.3.9.9.F.A.A.C.B.9.F.C.4.9.F.3.C.F.7.8.B.F.C.3.D.9.F.2.F.4.6.3.E.5.0.1.2.E...1...0R..+.....7...1D0B...F.i.l.e.......0w.d.f.c.o.i.n.s.t.a.l.l.e.r.0.1.0.0.9...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........c.....I..x.....c...0....R7.A.5.6.F.9.7.8.C.E.9.F.6.6.F.F.9.F.E.7.C.3.9.9.1.5.5.D.9.C.1.6.F.0.3.0.9.B.2.F...1..q0D..+.....7...1604...F.i.l.e......."p.s.3.e.y.e.c.a.m.e.r.a...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........zV.x.f.....]...0./0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.D.E.
                                  C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\SET335C.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe
                                  File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2621
                                  Entropy (8bit):5.399183015547126
                                  Encrypted:false
                                  SSDEEP:48:nq14WON4iA4W5gcgg1SVtJDNru9Qjd7U/CSHeokbKmd+N1+J1HEe+ofePCQGNtWX:n63ON4iA4W3zqIQZ7UzyH1fmCjb+
                                  MD5:60BB6D15F8989D61064565C5E7B7E7BB
                                  SHA1:7A56F978CE9F66FF9FE7C399155D9C16F0309B2F
                                  SHA-256:3D75843CF756E744177C3C5B31B9100D2C18C9FE8A7B6D0CF62FFEE9B5F53788
                                  SHA-512:74E9A3AB0507272D5DFA928C870BD3D0DAC23C32CFB8C95149819AEFE4F033CCA54BD9BB27C988004F83758689E88521D0BD3421FE6F206A6AA138A6A19A516D
                                  Malicious:false
                                  Preview: ; =====================================================================..; PS3Eye Driver for Windows XP/2003/Vista/Win7/Win8 x86/x64..; PS3EyeCamera.inf..; Driver installation file for the Sony PS3Eye camera..; Copyright (c) 2008-2012 Code Laboratories, Inc. All Rights Reserved...; =====================================================================..[Version]..Signature = "$Windows NT$"..Class = Image..ClassGuid = {6bdd1fc6-810f-11d0-bec7-08002be2092f}..Provider = %ProviderName%..DriverVer = 12/06/2012, 5.3.0.0341..CatalogFile.ntx86.= PS3EyeCamera.cat..CatalogFile.ntamd64 = PS3EyeCamera.cat....; ========== Manufacturer/Models sections ===========..[Manufacturer]..%Manufacturer% = Sony, NTx86, NTamd64....[Sony.NTx86]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[Sony.NTamd64]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[PS3EyeInstall]..Include = winusb.inf..Needs = WINUSB.NT..AddProperty = DeviceProperties....[DeviceProperties]..Dev
                                  C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\SET338C.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1721576
                                  Entropy (8bit):7.978334410477683
                                  Encrypted:false
                                  SSDEEP:24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
                                  MD5:4DA5DA193E0E4F86F6F8FD43EF25329A
                                  SHA1:68A44D37FF535A2C454F2440E1429833A1C6D810
                                  SHA-256:18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
                                  SHA-512:B3D73ED5E45D6F2908B2F3086390DD28C1631E298756CEE9BDF26B185F0B77D1B8C03AD55E0495DBA982C5BED4A03337B130C76F7112F3E19821127D2CF36853
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t.v...%...%...%.m+%...%.m:%...%...% ..%.m-%...%.m=%...%.m,%...%.m7%...%...%...%.m*%...%.m/%...%Rich...%........................PE..d.....[J.........." .........0............................................................@.........................................`................p..l!...`..,....,...............................................................................................text...L........................... ..`.data....J..........................@....pdata..,....`......................@..@.rsrc...l!...p..."..................@..@.reloc...............*..............@..B........................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\SET3429.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1002728
                                  Entropy (8bit):7.9188668904013815
                                  Encrypted:false
                                  SSDEEP:24576:aAEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjp:uBXQz/hPzxRwPdcO
                                  MD5:246900CE6474718730ECD4F873234CF5
                                  SHA1:0C84B56C82E4624824154D27926DED1C45F4B331
                                  SHA-256:981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6
                                  SHA-512:6A9E305BFBFB57D8F8FD16EDABEF9291A8A97E4B9C2AE90622F6C056E518A0A731FBB3E33A2591D87C8E4293D0F983EC515E6A241792962257B82401A8811D5C
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............8............>....../.-....(.T....9......!......?......:....Rich...........PE..d.....[J.........." ................ {....................................................@.........................................@.......8...P....p.......`.......4..................................................................(............................text............................... ..`.data....:... ......................@....pdata.......`....... ..............@..@.rsrc........p.......*..............@..@.reloc..D............0..............@..B................................................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\SETE2AA.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):9121
                                  Entropy (8bit):7.154218995176762
                                  Encrypted:false
                                  SSDEEP:192:Tt+quC09Qw335/wJirNmL/TSrR1DHC+v+pSXjtlAur9ZCspE+TMcrZQvM:YP3mirILTaTICUHeMcQE
                                  MD5:2B1EF3BE14DB406855E7EF58A725FFE0
                                  SHA1:7498D416AD02288CE86696CA1633E750FD8A2C7F
                                  SHA-256:D70910EB2D223F843328443A18B79B50A71470B40F0A19B7C422F062322CD562
                                  SHA-512:1633ED6842962A135F5750A2C2AAF48D2C5FCB6EBD44C84514425546BDF0AFC1F2F8FD2290AA8EDD57F9F5E642EDB481278FBD3A7ED16DC3684699F13D885F14
                                  Malicious:false
                                  Preview: 0.#...*.H........#.0.#....1.0...+......0.....+.....7......0...0...+.....7.....4b7#.}.C..SDE.=...121206095708Z0...+.....7.....0...0....R0.5.6.3.9.9.F.A.A.C.B.9.F.C.4.9.F.3.C.F.7.8.B.F.C.3.D.9.F.2.F.4.6.3.E.5.0.1.2.E...1...0R..+.....7...1D0B...F.i.l.e.......0w.d.f.c.o.i.n.s.t.a.l.l.e.r.0.1.0.0.9...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........c.....I..x.....c...0....R7.A.5.6.F.9.7.8.C.E.9.F.6.6.F.F.9.F.E.7.C.3.9.9.1.5.5.D.9.C.1.6.F.0.3.0.9.B.2.F...1..q0D..+.....7...1604...F.i.l.e......."p.s.3.e.y.e.c.a.m.e.r.a...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........zV.x.f.....]...0./0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.D.E.
                                  C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\SETE2AB.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe
                                  File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2621
                                  Entropy (8bit):5.399183015547126
                                  Encrypted:false
                                  SSDEEP:48:nq14WON4iA4W5gcgg1SVtJDNru9Qjd7U/CSHeokbKmd+N1+J1HEe+ofePCQGNtWX:n63ON4iA4W3zqIQZ7UzyH1fmCjb+
                                  MD5:60BB6D15F8989D61064565C5E7B7E7BB
                                  SHA1:7A56F978CE9F66FF9FE7C399155D9C16F0309B2F
                                  SHA-256:3D75843CF756E744177C3C5B31B9100D2C18C9FE8A7B6D0CF62FFEE9B5F53788
                                  SHA-512:74E9A3AB0507272D5DFA928C870BD3D0DAC23C32CFB8C95149819AEFE4F033CCA54BD9BB27C988004F83758689E88521D0BD3421FE6F206A6AA138A6A19A516D
                                  Malicious:false
                                  Preview: ; =====================================================================..; PS3Eye Driver for Windows XP/2003/Vista/Win7/Win8 x86/x64..; PS3EyeCamera.inf..; Driver installation file for the Sony PS3Eye camera..; Copyright (c) 2008-2012 Code Laboratories, Inc. All Rights Reserved...; =====================================================================..[Version]..Signature = "$Windows NT$"..Class = Image..ClassGuid = {6bdd1fc6-810f-11d0-bec7-08002be2092f}..Provider = %ProviderName%..DriverVer = 12/06/2012, 5.3.0.0341..CatalogFile.ntx86.= PS3EyeCamera.cat..CatalogFile.ntamd64 = PS3EyeCamera.cat....; ========== Manufacturer/Models sections ===========..[Manufacturer]..%Manufacturer% = Sony, NTx86, NTamd64....[Sony.NTx86]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[Sony.NTamd64]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[PS3EyeInstall]..Include = winusb.inf..Needs = WINUSB.NT..AddProperty = DeviceProperties....[DeviceProperties]..Dev
                                  C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\SETE2DB.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1721576
                                  Entropy (8bit):7.978334410477683
                                  Encrypted:false
                                  SSDEEP:24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
                                  MD5:4DA5DA193E0E4F86F6F8FD43EF25329A
                                  SHA1:68A44D37FF535A2C454F2440E1429833A1C6D810
                                  SHA-256:18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
                                  SHA-512:B3D73ED5E45D6F2908B2F3086390DD28C1631E298756CEE9BDF26B185F0B77D1B8C03AD55E0495DBA982C5BED4A03337B130C76F7112F3E19821127D2CF36853
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t.v...%...%...%.m+%...%.m:%...%...% ..%.m-%...%.m=%...%.m,%...%.m7%...%...%...%.m*%...%.m/%...%Rich...%........................PE..d.....[J.........." .........0............................................................@.........................................`................p..l!...`..,....,...............................................................................................text...L........................... ..`.data....J..........................@....pdata..,....`......................@..@.rsrc...l!...p..."..................@..@.reloc...............*..............@..B........................................................................................................................................................................................................................................................................................
                                  C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\SETE34A.tmp
                                  Process:C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1002728
                                  Entropy (8bit):7.9188668904013815
                                  Encrypted:false
                                  SSDEEP:24576:aAEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjp:uBXQz/hPzxRwPdcO
                                  MD5:246900CE6474718730ECD4F873234CF5
                                  SHA1:0C84B56C82E4624824154D27926DED1C45F4B331
                                  SHA-256:981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6
                                  SHA-512:6A9E305BFBFB57D8F8FD16EDABEF9291A8A97E4B9C2AE90622F6C056E518A0A731FBB3E33A2591D87C8E4293D0F983EC515E6A241792962257B82401A8811D5C
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............8............>....../.-....(.T....9......!......?......:....Rich...........PE..d.....[J.........." ................ {....................................................@.........................................@.......8...P....p.......`.......4..................................................................(............................text............................... ..`.data....:... ......................@....pdata.......`....... ..............@..@.rsrc........p.......*..............@..@.reloc..D............0..............@..B................................................................................................................................................................................................................................................................................................................
                                  C:\Windows\INF\oem3.inf
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2621
                                  Entropy (8bit):5.399183015547126
                                  Encrypted:false
                                  SSDEEP:48:nq14WON4iA4W5gcgg1SVtJDNru9Qjd7U/CSHeokbKmd+N1+J1HEe+ofePCQGNtWX:n63ON4iA4W3zqIQZ7UzyH1fmCjb+
                                  MD5:60BB6D15F8989D61064565C5E7B7E7BB
                                  SHA1:7A56F978CE9F66FF9FE7C399155D9C16F0309B2F
                                  SHA-256:3D75843CF756E744177C3C5B31B9100D2C18C9FE8A7B6D0CF62FFEE9B5F53788
                                  SHA-512:74E9A3AB0507272D5DFA928C870BD3D0DAC23C32CFB8C95149819AEFE4F033CCA54BD9BB27C988004F83758689E88521D0BD3421FE6F206A6AA138A6A19A516D
                                  Malicious:false
                                  Preview: ; =====================================================================..; PS3Eye Driver for Windows XP/2003/Vista/Win7/Win8 x86/x64..; PS3EyeCamera.inf..; Driver installation file for the Sony PS3Eye camera..; Copyright (c) 2008-2012 Code Laboratories, Inc. All Rights Reserved...; =====================================================================..[Version]..Signature = "$Windows NT$"..Class = Image..ClassGuid = {6bdd1fc6-810f-11d0-bec7-08002be2092f}..Provider = %ProviderName%..DriverVer = 12/06/2012, 5.3.0.0341..CatalogFile.ntx86.= PS3EyeCamera.cat..CatalogFile.ntamd64 = PS3EyeCamera.cat....; ========== Manufacturer/Models sections ===========..[Manufacturer]..%Manufacturer% = Sony, NTx86, NTamd64....[Sony.NTx86]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[Sony.NTamd64]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[PS3EyeInstall]..Include = winusb.inf..Needs = WINUSB.NT..AddProperty = DeviceProperties....[DeviceProperties]..Dev
                                  C:\Windows\System32\CLEyeDevices.dll
                                  Process:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):68888
                                  Entropy (8bit):4.595490225607613
                                  Encrypted:false
                                  SSDEEP:768:5QQb8qzJV27KywlOBXRT2EsHRJ1IIILT2Iv:5QQb8qFEOtlSXkEsHRJGmm
                                  MD5:DAD1C55402BFE58EE7E051EB26F367E7
                                  SHA1:DCB48ECD5A7998CC99D0E26189DA65F09849F8C0
                                  SHA-256:6DB1860BC51C56A0B552ABCEA593F1243409D9D07D19265D18110B45A7E3B6F0
                                  SHA-512:CDDE2C9D4C596ED6ABB76060AE95582D26DC1FF5600771E251507E6CF2DAF376EF4D97F423F3F16C555BAA431DBB12A29BEAA9A67D67362C474322ED75D05FC4
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}....~...~...~.....~.....~.....~.Rich..~.........PE..L....k.P...........!.................................................................{....@.............................................h............................................................................................................rsrc...h...........................@..@............................................................ ............................................................... .......8.......P.......h...........................................................................d...(.......................@.......................P.......................`.......................p...........................................................................................................................................................................................................
                                  C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET37A0.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):9121
                                  Entropy (8bit):7.154218995176762
                                  Encrypted:false
                                  SSDEEP:192:Tt+quC09Qw335/wJirNmL/TSrR1DHC+v+pSXjtlAur9ZCspE+TMcrZQvM:YP3mirILTaTICUHeMcQE
                                  MD5:2B1EF3BE14DB406855E7EF58A725FFE0
                                  SHA1:7498D416AD02288CE86696CA1633E750FD8A2C7F
                                  SHA-256:D70910EB2D223F843328443A18B79B50A71470B40F0A19B7C422F062322CD562
                                  SHA-512:1633ED6842962A135F5750A2C2AAF48D2C5FCB6EBD44C84514425546BDF0AFC1F2F8FD2290AA8EDD57F9F5E642EDB481278FBD3A7ED16DC3684699F13D885F14
                                  Malicious:false
                                  Preview: 0.#...*.H........#.0.#....1.0...+......0.....+.....7......0...0...+.....7.....4b7#.}.C..SDE.=...121206095708Z0...+.....7.....0...0....R0.5.6.3.9.9.F.A.A.C.B.9.F.C.4.9.F.3.C.F.7.8.B.F.C.3.D.9.F.2.F.4.6.3.E.5.0.1.2.E...1...0R..+.....7...1D0B...F.i.l.e.......0w.d.f.c.o.i.n.s.t.a.l.l.e.r.0.1.0.0.9...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........c.....I..x.....c...0....R7.A.5.6.F.9.7.8.C.E.9.F.6.6.F.F.9.F.E.7.C.3.9.9.1.5.5.D.9.C.1.6.F.0.3.0.9.B.2.F...1..q0D..+.....7...1604...F.i.l.e......."p.s.3.e.y.e.c.a.m.e.r.a...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........zV.x.f.....]...0./0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.D.E.
                                  C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET37A1.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2621
                                  Entropy (8bit):5.399183015547126
                                  Encrypted:false
                                  SSDEEP:48:nq14WON4iA4W5gcgg1SVtJDNru9Qjd7U/CSHeokbKmd+N1+J1HEe+ofePCQGNtWX:n63ON4iA4W3zqIQZ7UzyH1fmCjb+
                                  MD5:60BB6D15F8989D61064565C5E7B7E7BB
                                  SHA1:7A56F978CE9F66FF9FE7C399155D9C16F0309B2F
                                  SHA-256:3D75843CF756E744177C3C5B31B9100D2C18C9FE8A7B6D0CF62FFEE9B5F53788
                                  SHA-512:74E9A3AB0507272D5DFA928C870BD3D0DAC23C32CFB8C95149819AEFE4F033CCA54BD9BB27C988004F83758689E88521D0BD3421FE6F206A6AA138A6A19A516D
                                  Malicious:false
                                  Preview: ; =====================================================================..; PS3Eye Driver for Windows XP/2003/Vista/Win7/Win8 x86/x64..; PS3EyeCamera.inf..; Driver installation file for the Sony PS3Eye camera..; Copyright (c) 2008-2012 Code Laboratories, Inc. All Rights Reserved...; =====================================================================..[Version]..Signature = "$Windows NT$"..Class = Image..ClassGuid = {6bdd1fc6-810f-11d0-bec7-08002be2092f}..Provider = %ProviderName%..DriverVer = 12/06/2012, 5.3.0.0341..CatalogFile.ntx86.= PS3EyeCamera.cat..CatalogFile.ntamd64 = PS3EyeCamera.cat....; ========== Manufacturer/Models sections ===========..[Manufacturer]..%Manufacturer% = Sony, NTx86, NTamd64....[Sony.NTx86]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[Sony.NTamd64]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[PS3EyeInstall]..Include = winusb.inf..Needs = WINUSB.NT..AddProperty = DeviceProperties....[DeviceProperties]..Dev
                                  C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET37A2.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1721576
                                  Entropy (8bit):7.978334410477683
                                  Encrypted:false
                                  SSDEEP:24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
                                  MD5:4DA5DA193E0E4F86F6F8FD43EF25329A
                                  SHA1:68A44D37FF535A2C454F2440E1429833A1C6D810
                                  SHA-256:18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
                                  SHA-512:B3D73ED5E45D6F2908B2F3086390DD28C1631E298756CEE9BDF26B185F0B77D1B8C03AD55E0495DBA982C5BED4A03337B130C76F7112F3E19821127D2CF36853
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t.v...%...%...%.m+%...%.m:%...%...% ..%.m-%...%.m=%...%.m,%...%.m7%...%...%...%.m*%...%.m/%...%Rich...%........................PE..d.....[J.........." .........0............................................................@.........................................`................p..l!...`..,....,...............................................................................................text...L........................... ..`.data....J..........................@....pdata..,....`......................@..@.rsrc...l!...p..."..................@..@.reloc...............*..............@..B........................................................................................................................................................................................................................................................................................
                                  C:\Windows\System32\DriverStore\Temp\{3f8e32cd-6742-8f4b-a98a-a8f8ff86f0bf}\SET3801.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1002728
                                  Entropy (8bit):7.9188668904013815
                                  Encrypted:false
                                  SSDEEP:24576:aAEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjp:uBXQz/hPzxRwPdcO
                                  MD5:246900CE6474718730ECD4F873234CF5
                                  SHA1:0C84B56C82E4624824154D27926DED1C45F4B331
                                  SHA-256:981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6
                                  SHA-512:6A9E305BFBFB57D8F8FD16EDABEF9291A8A97E4B9C2AE90622F6C056E518A0A731FBB3E33A2591D87C8E4293D0F983EC515E6A241792962257B82401A8811D5C
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............8............>....../.-....(.T....9......!......?......:....Rich...........PE..d.....[J.........." ................ {....................................................@.........................................@.......8...P....p.......`.......4..................................................................(............................text............................... ..`.data....:... ......................@....pdata.......`....... ..............@..@.rsrc........p.......*..............@..@.reloc..D............0..............@..B................................................................................................................................................................................................................................................................................................................
                                  C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET3280.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):9121
                                  Entropy (8bit):7.154218995176762
                                  Encrypted:false
                                  SSDEEP:192:Tt+quC09Qw335/wJirNmL/TSrR1DHC+v+pSXjtlAur9ZCspE+TMcrZQvM:YP3mirILTaTICUHeMcQE
                                  MD5:2B1EF3BE14DB406855E7EF58A725FFE0
                                  SHA1:7498D416AD02288CE86696CA1633E750FD8A2C7F
                                  SHA-256:D70910EB2D223F843328443A18B79B50A71470B40F0A19B7C422F062322CD562
                                  SHA-512:1633ED6842962A135F5750A2C2AAF48D2C5FCB6EBD44C84514425546BDF0AFC1F2F8FD2290AA8EDD57F9F5E642EDB481278FBD3A7ED16DC3684699F13D885F14
                                  Malicious:false
                                  Preview: 0.#...*.H........#.0.#....1.0...+......0.....+.....7......0...0...+.....7.....4b7#.}.C..SDE.=...121206095708Z0...+.....7.....0...0....R0.5.6.3.9.9.F.A.A.C.B.9.F.C.4.9.F.3.C.F.7.8.B.F.C.3.D.9.F.2.F.4.6.3.E.5.0.1.2.E...1...0R..+.....7...1D0B...F.i.l.e.......0w.d.f.c.o.i.n.s.t.a.l.l.e.r.0.1.0.0.9...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........c.....I..x.....c...0....R7.A.5.6.F.9.7.8.C.E.9.F.6.6.F.F.9.F.E.7.C.3.9.9.1.5.5.D.9.C.1.6.F.0.3.0.9.B.2.F...1..q0D..+.....7...1604...F.i.l.e......."p.s.3.e.y.e.c.a.m.e.r.a...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........zV.x.f.....]...0./0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.D.E.
                                  C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET3281.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2621
                                  Entropy (8bit):5.399183015547126
                                  Encrypted:false
                                  SSDEEP:48:nq14WON4iA4W5gcgg1SVtJDNru9Qjd7U/CSHeokbKmd+N1+J1HEe+ofePCQGNtWX:n63ON4iA4W3zqIQZ7UzyH1fmCjb+
                                  MD5:60BB6D15F8989D61064565C5E7B7E7BB
                                  SHA1:7A56F978CE9F66FF9FE7C399155D9C16F0309B2F
                                  SHA-256:3D75843CF756E744177C3C5B31B9100D2C18C9FE8A7B6D0CF62FFEE9B5F53788
                                  SHA-512:74E9A3AB0507272D5DFA928C870BD3D0DAC23C32CFB8C95149819AEFE4F033CCA54BD9BB27C988004F83758689E88521D0BD3421FE6F206A6AA138A6A19A516D
                                  Malicious:false
                                  Preview: ; =====================================================================..; PS3Eye Driver for Windows XP/2003/Vista/Win7/Win8 x86/x64..; PS3EyeCamera.inf..; Driver installation file for the Sony PS3Eye camera..; Copyright (c) 2008-2012 Code Laboratories, Inc. All Rights Reserved...; =====================================================================..[Version]..Signature = "$Windows NT$"..Class = Image..ClassGuid = {6bdd1fc6-810f-11d0-bec7-08002be2092f}..Provider = %ProviderName%..DriverVer = 12/06/2012, 5.3.0.0341..CatalogFile.ntx86.= PS3EyeCamera.cat..CatalogFile.ntamd64 = PS3EyeCamera.cat....; ========== Manufacturer/Models sections ===========..[Manufacturer]..%Manufacturer% = Sony, NTx86, NTamd64....[Sony.NTx86]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[Sony.NTamd64]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[PS3EyeInstall]..Include = winusb.inf..Needs = WINUSB.NT..AddProperty = DeviceProperties....[DeviceProperties]..Dev
                                  C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET3282.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1721576
                                  Entropy (8bit):7.978334410477683
                                  Encrypted:false
                                  SSDEEP:24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
                                  MD5:4DA5DA193E0E4F86F6F8FD43EF25329A
                                  SHA1:68A44D37FF535A2C454F2440E1429833A1C6D810
                                  SHA-256:18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
                                  SHA-512:B3D73ED5E45D6F2908B2F3086390DD28C1631E298756CEE9BDF26B185F0B77D1B8C03AD55E0495DBA982C5BED4A03337B130C76F7112F3E19821127D2CF36853
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t.v...%...%...%.m+%...%.m:%...%...% ..%.m-%...%.m=%...%.m,%...%.m7%...%...%...%.m*%...%.m/%...%Rich...%........................PE..d.....[J.........." .........0............................................................@.........................................`................p..l!...`..,....,...............................................................................................text...L........................... ..`.data....J..........................@....pdata..,....`......................@..@.rsrc...l!...p..."..................@..@.reloc...............*..............@..B........................................................................................................................................................................................................................................................................................
                                  C:\Windows\System32\DriverStore\Temp\{7ab2634a-f85e-b348-867e-cd8035a46a15}\SET32F0.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1002728
                                  Entropy (8bit):7.9188668904013815
                                  Encrypted:false
                                  SSDEEP:24576:aAEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjp:uBXQz/hPzxRwPdcO
                                  MD5:246900CE6474718730ECD4F873234CF5
                                  SHA1:0C84B56C82E4624824154D27926DED1C45F4B331
                                  SHA-256:981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6
                                  SHA-512:6A9E305BFBFB57D8F8FD16EDABEF9291A8A97E4B9C2AE90622F6C056E518A0A731FBB3E33A2591D87C8E4293D0F983EC515E6A241792962257B82401A8811D5C
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............8............>....../.-....(.T....9......!......?......:....Rich...........PE..d.....[J.........." ................ {....................................................@.........................................@.......8...P....p.......`.......4..................................................................(............................text............................... ..`.data....:... ......................@....pdata.......`....... ..............@..@.rsrc........p.......*..............@..@.reloc..D............0..............@..B................................................................................................................................................................................................................................................................................................................
                                  C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE76D.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):9121
                                  Entropy (8bit):7.154218995176762
                                  Encrypted:false
                                  SSDEEP:192:Tt+quC09Qw335/wJirNmL/TSrR1DHC+v+pSXjtlAur9ZCspE+TMcrZQvM:YP3mirILTaTICUHeMcQE
                                  MD5:2B1EF3BE14DB406855E7EF58A725FFE0
                                  SHA1:7498D416AD02288CE86696CA1633E750FD8A2C7F
                                  SHA-256:D70910EB2D223F843328443A18B79B50A71470B40F0A19B7C422F062322CD562
                                  SHA-512:1633ED6842962A135F5750A2C2AAF48D2C5FCB6EBD44C84514425546BDF0AFC1F2F8FD2290AA8EDD57F9F5E642EDB481278FBD3A7ED16DC3684699F13D885F14
                                  Malicious:false
                                  Preview: 0.#...*.H........#.0.#....1.0...+......0.....+.....7......0...0...+.....7.....4b7#.}.C..SDE.=...121206095708Z0...+.....7.....0...0....R0.5.6.3.9.9.F.A.A.C.B.9.F.C.4.9.F.3.C.F.7.8.B.F.C.3.D.9.F.2.F.4.6.3.E.5.0.1.2.E...1...0R..+.....7...1D0B...F.i.l.e.......0w.d.f.c.o.i.n.s.t.a.l.l.e.r.0.1.0.0.9...d.l.l...0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0i..+.....7...1[0Y04..+.....7...0&..... .....<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+.........c.....I..x.....c...0....R7.A.5.6.F.9.7.8.C.E.9.F.6.6.F.F.9.F.E.7.C.3.9.9.1.5.5.D.9.C.1.6.F.0.3.0.9.B.2.F...1..q0D..+.....7...1604...F.i.l.e......."p.s.3.e.y.e.c.a.m.e.r.a...i.n.f...0a..+.....7...1S0Q0,..+.....7........<.<.<.O.b.s.o.l.e.t.e.>.>.>0!0...+........zV.x.f.....]...0./0b..+.....7...1T0R...O.S.A.t.t.r.......<2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1.,.2.:.6...2...0b..+.....7...1T0R.L.{.D.E.
                                  C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE76E.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:Windows setup INFormation, ASCII text, with CRLF line terminators
                                  Category:dropped
                                  Size (bytes):2621
                                  Entropy (8bit):5.399183015547126
                                  Encrypted:false
                                  SSDEEP:48:nq14WON4iA4W5gcgg1SVtJDNru9Qjd7U/CSHeokbKmd+N1+J1HEe+ofePCQGNtWX:n63ON4iA4W3zqIQZ7UzyH1fmCjb+
                                  MD5:60BB6D15F8989D61064565C5E7B7E7BB
                                  SHA1:7A56F978CE9F66FF9FE7C399155D9C16F0309B2F
                                  SHA-256:3D75843CF756E744177C3C5B31B9100D2C18C9FE8A7B6D0CF62FFEE9B5F53788
                                  SHA-512:74E9A3AB0507272D5DFA928C870BD3D0DAC23C32CFB8C95149819AEFE4F033CCA54BD9BB27C988004F83758689E88521D0BD3421FE6F206A6AA138A6A19A516D
                                  Malicious:false
                                  Preview: ; =====================================================================..; PS3Eye Driver for Windows XP/2003/Vista/Win7/Win8 x86/x64..; PS3EyeCamera.inf..; Driver installation file for the Sony PS3Eye camera..; Copyright (c) 2008-2012 Code Laboratories, Inc. All Rights Reserved...; =====================================================================..[Version]..Signature = "$Windows NT$"..Class = Image..ClassGuid = {6bdd1fc6-810f-11d0-bec7-08002be2092f}..Provider = %ProviderName%..DriverVer = 12/06/2012, 5.3.0.0341..CatalogFile.ntx86.= PS3EyeCamera.cat..CatalogFile.ntamd64 = PS3EyeCamera.cat....; ========== Manufacturer/Models sections ===========..[Manufacturer]..%Manufacturer% = Sony, NTx86, NTamd64....[Sony.NTx86]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[Sony.NTamd64]..%PS3EyeDesc% = PS3EyeInstall, USB\VID_1415&PID_2000&MI_00....[PS3EyeInstall]..Include = winusb.inf..Needs = WINUSB.NT..AddProperty = DeviceProperties....[DeviceProperties]..Dev
                                  C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE76F.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1721576
                                  Entropy (8bit):7.978334410477683
                                  Encrypted:false
                                  SSDEEP:24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
                                  MD5:4DA5DA193E0E4F86F6F8FD43EF25329A
                                  SHA1:68A44D37FF535A2C454F2440E1429833A1C6D810
                                  SHA-256:18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
                                  SHA-512:B3D73ED5E45D6F2908B2F3086390DD28C1631E298756CEE9BDF26B185F0B77D1B8C03AD55E0495DBA982C5BED4A03337B130C76F7112F3E19821127D2CF36853
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........t.v...%...%...%.m+%...%.m:%...%...% ..%.m-%...%.m=%...%.m,%...%.m7%...%...%...%.m*%...%.m/%...%Rich...%........................PE..d.....[J.........." .........0............................................................@.........................................`................p..l!...`..,....,...............................................................................................text...L........................... ..`.data....J..........................@....pdata..,....`......................@..@.rsrc...l!...p..."..................@..@.reloc...............*..............@..B........................................................................................................................................................................................................................................................................................
                                  C:\Windows\System32\DriverStore\Temp\{88807a61-0916-0a43-908c-9b4e3daf539e}\SETE79F.tmp
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                  Category:dropped
                                  Size (bytes):1002728
                                  Entropy (8bit):7.9188668904013815
                                  Encrypted:false
                                  SSDEEP:24576:aAEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjp:uBXQz/hPzxRwPdcO
                                  MD5:246900CE6474718730ECD4F873234CF5
                                  SHA1:0C84B56C82E4624824154D27926DED1C45F4B331
                                  SHA-256:981A17EFFDDBC20377512DDAEC9F22C2B7067E17A3E2A8CCF82BB7BB7B2420B6
                                  SHA-512:6A9E305BFBFB57D8F8FD16EDABEF9291A8A97E4B9C2AE90622F6C056E518A0A731FBB3E33A2591D87C8E4293D0F983EC515E6A241792962257B82401A8811D5C
                                  Malicious:false
                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L..............8............>....../.-....(.T....9......!......?......:....Rich...........PE..d.....[J.........." ................ {....................................................@.........................................@.......8...P....p.......`.......4..................................................................(............................text............................... ..`.data....:... ......................@....pdata.......`....... ..............@..@.rsrc........p.......*..............@..@.reloc..D............0..............@..B................................................................................................................................................................................................................................................................................................................
                                  C:\Windows\System32\catroot2\dberr.txt
                                  Process:C:\Windows\System32\drvinst.exe
                                  File Type:ASCII text, with CRLF line terminators
                                  Category:modified
                                  Size (bytes):75
                                  Entropy (8bit):4.8485114441935915
                                  Encrypted:false
                                  SSDEEP:3:WfudfUC2BOSQB3G3VW3yEA:YqfUtUSc93y1
                                  MD5:CB308687A5D96B8CC00CE23E32384621
                                  SHA1:304768F72216AF7EB8FEEADB2821F85B826B0E79
                                  SHA-256:EC4561B6E41225C867A9A7D4A97FB146AE5B14C76A12D04EF66BE55799A7B10F
                                  SHA-512:B937139BB9C6F77D4E94D20826FE2A4B3B83AC09D694FE3E0F1C98B8C5A6639A7950404C390B11EF4C60C5C7DDD69A52B6389611638DCAE4AE90737166CCAB7C
                                  Malicious:false
                                  Preview: CatalogDB: 1:55:13 PM 1/24/2021: DONE Adding Catalog File (0ms): oem3.cat..

                                  Static File Info

                                  General

                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                  Entropy (8bit):7.997282359871388
                                  TrID:
                                  • Win32 Executable (generic) a (10002005/4) 92.16%
                                  • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                  • DOS Executable Generic (2002/1) 0.02%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  File size:5410368
                                  MD5:64112c1df0d80d195d006da9c15bf710
                                  SHA1:f0bfbc32171ecfb03614470b9c06ef34c07e66b0
                                  SHA256:29cbd9d9bc6571d15d6a2b29dd2532fe6c7fb81d255778deb40f64dc79502bf5
                                  SHA512:eefac2d69ece3ac07745a71c6e895200f1fb1b7c1f144ba44fcb658f9232bd613d894929bb81f24d86815eb09f87757b96277f7cd0aa40b1f092c366b54bc1c6
                                  SSDEEP:98304:4cf1PgNuKGzp9kp2aqDNsmXWtKI/cdVo+J2v1I54UJV17j7MayZkxMCOaX:7xz3zApCXEtECd64eV1TyZkxJ
                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................\.........

                                  File Icon

                                  Icon Hash:f0e2fc64d4dccc4c

                                  Static PE Info

                                  General

                                  Entrypoint:0x40323c
                                  Entrypoint Section:.text
                                  Digitally signed:true
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                  Time Stamp:0x4B1AE3C6 [Sat Dec 5 22:50:46 2009 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:099c0646ea7282d232219f8807883be0

                                  Authenticode Signature

                                  Signature Valid:true
                                  Signature Issuer:CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                  Signature Validation Error:The operation completed successfully
                                  Error Number:0
                                  Not Before, Not After
                                  • 12/2/2012 1:00:00 AM 1/2/2014 12:59:59 AM
                                  Subject Chain
                                  • CN="Code Laboratories, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Code Laboratories, Inc.", L=Henderson, S=Nevada, C=US
                                  Version:3
                                  Thumbprint MD5:972B62B8C7088AF29C364514E6582F0B
                                  Thumbprint SHA-1:97B8DB93E99E6D5D8F6424143BE1F8F96D0F4FA7
                                  Thumbprint SHA-256:7D535AD3E333875076288791BBCE84FD7DB67624940B2639418EB40BF39CE465
                                  Serial:3621615D5DC8015358E6E878C541ABF0

                                  Entrypoint Preview

                                  Instruction
                                  sub esp, 00000180h
                                  push ebx
                                  push ebp
                                  push esi
                                  xor ebx, ebx
                                  push edi
                                  mov dword ptr [esp+18h], ebx
                                  mov dword ptr [esp+10h], 00409130h
                                  xor esi, esi
                                  mov byte ptr [esp+14h], 00000020h
                                  call dword ptr [00407030h]
                                  push 00008001h
                                  call dword ptr [004070B4h]
                                  push ebx
                                  call dword ptr [0040727Ch]
                                  push 00000008h
                                  mov dword ptr [00423F58h], eax
                                  call 00007FE194DA2E4Eh
                                  mov dword ptr [00423EA4h], eax
                                  push ebx
                                  lea eax, dword ptr [esp+34h]
                                  push 00000160h
                                  push eax
                                  push ebx
                                  push 0041F458h
                                  call dword ptr [00407158h]
                                  push 004091B8h
                                  push 004236A0h
                                  call 00007FE194DA2B01h
                                  call dword ptr [004070B0h]
                                  mov edi, 00429000h
                                  push eax
                                  push edi
                                  call 00007FE194DA2AEFh
                                  push ebx
                                  call dword ptr [0040710Ch]
                                  cmp byte ptr [00429000h], 00000022h
                                  mov dword ptr [00423EA0h], eax
                                  mov eax, edi
                                  jne 00007FE194DA024Ch
                                  mov byte ptr [esp+14h], 00000022h
                                  mov eax, 00429001h
                                  push dword ptr [esp+14h]
                                  push eax
                                  call 00007FE194DA25E2h
                                  push eax
                                  call dword ptr [0040721Ch]
                                  mov dword ptr [esp+1Ch], eax
                                  jmp 00007FE194DA02A5h
                                  cmp cl, 00000020h
                                  jne 00007FE194DA0248h
                                  inc eax
                                  cmp byte ptr [eax], 00000020h
                                  je 00007FE194DA023Ch
                                  cmp byte ptr [eax], 00000022h
                                  mov byte ptr [eax+eax+00h], 00000000h

                                  Rich Headers

                                  Programming Language:
                                  • [EXP] VC++ 6.0 SP5 build 8804

                                  Data Directories

                                  NameVirtual AddressVirtual Size Is in Section
                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x360000x7208.rsrc
                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x5271280x1d18
                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                  Sections

                                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                  .text0x10000x5a5a0x5c00False0.660453464674data6.41769823686IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                  .rdata0x70000x11900x1200False0.4453125data5.18162709925IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .data0x90000x1af980x400False0.55859375data4.70902740305IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                  .ndata0x240000x120000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                  .rsrc0x360000x72080x7400False0.236227101293data3.93551828229IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                  Resources

                                  NameRVASizeTypeLanguageCountry
                                  RT_ICON0x363880x25a8dataEnglishUnited States
                                  RT_ICON0x389300x10a8dataEnglishUnited States
                                  RT_ICON0x399d80xea8GLS_BINARY_LSB_FIRSTEnglishUnited States
                                  RT_ICON0x3a8800x8a8dataEnglishUnited States
                                  RT_ICON0x3b1280x668dataEnglishUnited States
                                  RT_ICON0x3b7900x568dataEnglishUnited States
                                  RT_ICON0x3bcf80x468dataEnglishUnited States
                                  RT_ICON0x3c1600x2e8dataEnglishUnited States
                                  RT_ICON0x3c4480x128dataEnglishUnited States
                                  RT_DIALOG0x3c5700xb4dataEnglishUnited States
                                  RT_DIALOG0x3c6280x200dataEnglishUnited States
                                  RT_DIALOG0x3c8280xf8dataEnglishUnited States
                                  RT_DIALOG0x3c9200xeedataEnglishUnited States
                                  RT_GROUP_ICON0x3ca100x84dataEnglishUnited States
                                  RT_VERSION0x3ca980x3acdata
                                  RT_MANIFEST0x3ce480x3beXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                  Imports

                                  DLLImport
                                  KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                                  USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                                  GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                                  SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                                  ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                                  COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                  ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                                  VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                                  Version Infos

                                  DescriptionData
                                  LegalCopyright 2008-2012 Code Laboratories, Inc.. All rights reserved.
                                  InternalNameCL-Eye Driver Setup
                                  FileVersion5.3.0.0341
                                  CompanyNameCode Laboratories, Inc.
                                  ProductNameCL-Eye Platform Driver for PS3Eye
                                  ProductVersion5.3.0.0341
                                  FileDescriptionCL-Eye Platform Driver Setup
                                  OriginalFilenameCL-Eye-Driver-5.3.0.0341.exe
                                  Translation0x0000 0x04e4

                                  Possible Origin

                                  Language of compilation systemCountry where language is spokenMap
                                  EnglishUnited States

                                  Network Behavior

                                  No network behavior found

                                  Code Manipulations

                                  Statistics

                                  CPU Usage

                                  Click to jump to process

                                  Memory Usage

                                  Click to jump to process

                                  High Level Behavior Distribution

                                  Click to dive into process behavior distribution

                                  Behavior

                                  Click to jump to process

                                  System Behavior

                                  Analysis Process: CL-Eye-Driver-5.3.0.0341-Emuline.exe PID: 6764 Parent PID: 5996

                                  General

                                  Start time:13:54:25
                                  Start date:24/01/2021
                                  Path:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe' -install
                                  Imagebase:0x400000
                                  File size:5410368 bytes
                                  MD5 hash:64112C1DF0D80D195D006DA9C15BF710
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: CL-Eye-Driver-5.3.0.0341-Emuline.exe PID: 6852 Parent PID: 5996

                                  General

                                  Start time:13:54:28
                                  Start date:24/01/2021
                                  Path:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe' /install
                                  Imagebase:0x400000
                                  File size:5410368 bytes
                                  MD5 hash:64112C1DF0D80D195D006DA9C15BF710
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: CL-Eye-Driver-5.3.0.0341-Emuline.exe PID: 6916 Parent PID: 5996

                                  General

                                  Start time:13:54:32
                                  Start date:24/01/2021
                                  Path:C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe
                                  Wow64 process (32bit):true
                                  Commandline:'C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe' /load
                                  Imagebase:0x400000
                                  File size:5410368 bytes
                                  MD5 hash:64112C1DF0D80D195D006DA9C15BF710
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: CertMgr.exe PID: 2108 Parent PID: 6764

                                  General

                                  Start time:13:54:47
                                  Start date:24/01/2021
                                  Path:C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\AppData\Local\Temp\nst827B.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nst827B.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisher
                                  Imagebase:0x460000
                                  File size:65024 bytes
                                  MD5 hash:1444BCFEFF029BB1E9B1CA3B896CD143
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Antivirus matches:
                                  • Detection: 0%, Metadefender, Browse
                                  • Detection: 0%, ReversingLabs
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: conhost.exe PID: 3660 Parent PID: 2108

                                  General

                                  Start time:13:54:47
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff724c50000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Chronological Activities

                                  Analysis Process: wdreg.exe PID: 6536 Parent PID: 6764

                                  General

                                  Start time:13:54:49
                                  Start date:24/01/2021
                                  Path:C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Users\user\AppData\Local\Temp\nst827B.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat install
                                  Imagebase:0x140000000
                                  File size:145920 bytes
                                  MD5 hash:D0047E39B0DFD11EC2A50E2A45C2D9BE
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: conhost.exe PID: 4240 Parent PID: 6536

                                  General

                                  Start time:13:54:49
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff724c50000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Chronological Activities

                                  Analysis Process: rundll32.exe PID: 6484 Parent PID: 6852

                                  General

                                  Start time:13:54:50
                                  Start date:24/01/2021
                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                  Wow64 process (32bit):true
                                  Commandline:rundll32 C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CLEyeCleaner.dll,Clean
                                  Imagebase:0xa30000
                                  File size:61952 bytes
                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Chronological Activities

                                  Analysis Process: drvinst.exe PID: 6668 Parent PID: 6456

                                  General

                                  Start time:13:54:50
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\drvinst.exe
                                  Wow64 process (32bit):false
                                  Commandline:DrvInst.exe '4' '0' 'C:\Users\user\AppData\Local\Temp\{7ffaf115-5f1c-d24a-b468-aca55f6822d3}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001AC' 'WinSta0\Default' '00000000000001B0' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver'
                                  Imagebase:0x7ff6aee60000
                                  File size:166912 bytes
                                  MD5 hash:46F5A16FA391AB6EA97C602B4D2E7819
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:moderate

                                  Chronological Activities

                                  Analysis Process: rundll32.exe PID: 6684 Parent PID: 6916

                                  General

                                  Start time:13:54:52
                                  Start date:24/01/2021
                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                  Wow64 process (32bit):true
                                  Commandline:rundll32 C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CLEyeCleaner.dll,Clean
                                  Imagebase:0xa30000
                                  File size:61952 bytes
                                  MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Chronological Activities

                                  Analysis Process: wdreg.exe PID: 6752 Parent PID: 6852

                                  General

                                  Start time:13:54:55
                                  Start date:24/01/2021
                                  Path:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstall
                                  Imagebase:0x140000000
                                  File size:145920 bytes
                                  MD5 hash:D0047E39B0DFD11EC2A50E2A45C2D9BE
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: conhost.exe PID: 6828 Parent PID: 6752

                                  General

                                  Start time:13:54:55
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff724c50000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Chronological Activities

                                  Analysis Process: regsvr32.exe PID: 4768 Parent PID: 6764

                                  General

                                  Start time:13:54:56
                                  Start date:24/01/2021
                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                  Wow64 process (32bit):true
                                  Commandline:regsvr32 /s PS3EyeAxFilter.ax
                                  Imagebase:0xb0000
                                  File size:20992 bytes
                                  MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Chronological Activities

                                  Analysis Process: wdreg.exe PID: 6912 Parent PID: 6916

                                  General

                                  Start time:13:54:58
                                  Start date:24/01/2021
                                  Path:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat uninstall
                                  Imagebase:0x140000000
                                  File size:145920 bytes
                                  MD5 hash:D0047E39B0DFD11EC2A50E2A45C2D9BE
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low

                                  Chronological Activities

                                  Analysis Process: conhost.exe PID: 6928 Parent PID: 6912

                                  General

                                  Start time:13:54:58
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff724c50000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Chronological Activities

                                  Analysis Process: regsvr32.exe PID: 6824 Parent PID: 6852

                                  General

                                  Start time:13:55:04
                                  Start date:24/01/2021
                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                  Wow64 process (32bit):true
                                  Commandline:regsvr32 /s /u PS3EyeAxFilter.ax
                                  Imagebase:0xb0000
                                  File size:20992 bytes
                                  MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high

                                  Chronological Activities

                                  Analysis Process: regsvr32.exe PID: 5792 Parent PID: 6916

                                  General

                                  Start time:13:55:05
                                  Start date:24/01/2021
                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                  Wow64 process (32bit):true
                                  Commandline:regsvr32 /s /u PS3EyeAxFilter.ax
                                  Imagebase:0xb0000
                                  File size:20992 bytes
                                  MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: CertMgr.exe PID: 4620 Parent PID: 6852

                                  General

                                  Start time:13:55:06
                                  Start date:24/01/2021
                                  Path:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisher
                                  Imagebase:0x3f0000
                                  File size:65024 bytes
                                  MD5 hash:1444BCFEFF029BB1E9B1CA3B896CD143
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: conhost.exe PID: 5052 Parent PID: 4620

                                  General

                                  Start time:13:55:07
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff724c50000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: CertMgr.exe PID: 5952 Parent PID: 6916

                                  General

                                  Start time:13:55:07
                                  Start date:24/01/2021
                                  Path:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CertMgr.exe -add C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\CodeLabs.cer -c -s -r localMachine TrustedPublisher
                                  Imagebase:0x140000
                                  File size:65024 bytes
                                  MD5 hash:1444BCFEFF029BB1E9B1CA3B896CD143
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: conhost.exe PID: 5740 Parent PID: 5952

                                  General

                                  Start time:13:55:08
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff724c50000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: wdreg.exe PID: 5728 Parent PID: 6852

                                  General

                                  Start time:13:55:08
                                  Start date:24/01/2021
                                  Path:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat install
                                  Imagebase:0x140000000
                                  File size:145920 bytes
                                  MD5 hash:D0047E39B0DFD11EC2A50E2A45C2D9BE
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: conhost.exe PID: 4692 Parent PID: 5728

                                  General

                                  Start time:13:55:08
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff724c50000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: wdreg.exe PID: 6500 Parent PID: 6916

                                  General

                                  Start time:13:55:09
                                  Start date:24/01/2021
                                  Path:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Users\user\AppData\Local\Temp\nsz9D37.tmp\wdreg.exe -inf PS3EyeCamera.inf -silent -compat install
                                  Imagebase:0x140000000
                                  File size:145920 bytes
                                  MD5 hash:D0047E39B0DFD11EC2A50E2A45C2D9BE
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: drvinst.exe PID: 7040 Parent PID: 6456

                                  General

                                  Start time:13:55:09
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\drvinst.exe
                                  Wow64 process (32bit):false
                                  Commandline:DrvInst.exe '4' '20' 'C:\Users\user\AppData\Local\Temp\{19daf179-c484-874b-89e0-e03bcd8786bd}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001AC' 'WinSta0\Default' '00000000000001B0' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver'
                                  Imagebase:0x7ff6aee60000
                                  File size:166912 bytes
                                  MD5 hash:46F5A16FA391AB6EA97C602B4D2E7819
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: conhost.exe PID: 7048 Parent PID: 6500

                                  General

                                  Start time:13:55:10
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff724c50000
                                  File size:625664 bytes
                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: drvinst.exe PID: 7104 Parent PID: 6456

                                  General

                                  Start time:13:55:11
                                  Start date:24/01/2021
                                  Path:C:\Windows\System32\drvinst.exe
                                  Wow64 process (32bit):false
                                  Commandline:DrvInst.exe '4' '20' 'C:\Users\user\AppData\Local\Temp\{3e58976b-1ef7-cd48-bf8f-8307db7c715a}\PS3EyeCamera.inf' '9' '47b741263' '00000000000001D0' 'WinSta0\Default' '00000000000001D8' '208' 'C:\Program Files (x86)\Code Laboratories\CL-Eye Driver\Driver'
                                  Imagebase:0x7ff6aee60000
                                  File size:166912 bytes
                                  MD5 hash:46F5A16FA391AB6EA97C602B4D2E7819
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: regsvr32.exe PID: 5156 Parent PID: 6852

                                  General

                                  Start time:13:55:17
                                  Start date:24/01/2021
                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                  Wow64 process (32bit):true
                                  Commandline:regsvr32 /s PS3EyeAxFilter.ax
                                  Imagebase:0xb0000
                                  File size:20992 bytes
                                  MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Analysis Process: regsvr32.exe PID: 6448 Parent PID: 6916

                                  General

                                  Start time:13:55:18
                                  Start date:24/01/2021
                                  Path:C:\Windows\SysWOW64\regsvr32.exe
                                  Wow64 process (32bit):true
                                  Commandline:regsvr32 /s PS3EyeAxFilter.ax
                                  Imagebase:0xb0000
                                  File size:20992 bytes
                                  MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language

                                  Chronological Activities

                                  Disassembly

                                  Code Analysis

                                  Reset < >

                                    Analysis Process: CL-Eye-Driver-5.3.0.0341-Emuline.exe PID: 6764 Parent PID: 5996 CL-Eye-Driver-5.3.0.0341-Emuline.exeCOMMON

                                    Execution Graph

                                    Execution Coverage:28.3%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:22.1%
                                    Total number of Nodes:1274
                                    Total number of Limit Nodes:46

                                    Graph

                                    execution_graph 3055 401cc1 GetDlgItem GetClientRect 3056 4029f6 18 API calls 3055->3056 3057 401cf1 LoadImageA SendMessageA 3056->3057 3058 40288b 3057->3058 3059 401d0f DeleteObject 3057->3059 3059->3058 3820 401dc1 3821 4029f6 18 API calls 3820->3821 3822 401dc7 3821->3822 3823 4029f6 18 API calls 3822->3823 3824 401dd0 3823->3824 3825 4029f6 18 API calls 3824->3825 3826 401dd9 3825->3826 3827 4029f6 18 API calls 3826->3827 3828 401de2 3827->3828 3829 401423 25 API calls 3828->3829 3830 401de9 ShellExecuteA 3829->3830 3831 401e16 3830->3831 3070 405042 3071 405063 GetDlgItem GetDlgItem GetDlgItem 3070->3071 3072 4051ee 3070->3072 3116 403f4d SendMessageA 3071->3116 3074 4051f7 GetDlgItem CreateThread FindCloseChangeNotification 3072->3074 3075 40521f 3072->3075 3074->3075 3122 404fd6 OleInitialize 3074->3122 3077 40524a 3075->3077 3078 405236 ShowWindow ShowWindow 3075->3078 3079 40526c 3075->3079 3076 4050d4 3081 4050db GetClientRect GetSystemMetrics SendMessageA SendMessageA 3076->3081 3080 4052a8 3077->3080 3083 405281 ShowWindow 3077->3083 3084 40525b 3077->3084 3118 403f4d SendMessageA 3078->3118 3085 403f7f 8 API calls 3079->3085 3080->3079 3090 4052b3 SendMessageA 3080->3090 3088 40514a 3081->3088 3089 40512e SendMessageA SendMessageA 3081->3089 3086 4052a1 3083->3086 3087 405293 3083->3087 3119 403ef1 3084->3119 3097 40527a 3085->3097 3093 403ef1 SendMessageA 3086->3093 3092 404f04 25 API calls 3087->3092 3094 40515d 3088->3094 3095 40514f SendMessageA 3088->3095 3089->3088 3096 4052cc CreatePopupMenu 3090->3096 3090->3097 3092->3086 3093->3080 3099 403f18 19 API calls 3094->3099 3095->3094 3098 405b88 18 API calls 3096->3098 3100 4052dc AppendMenuA 3098->3100 3101 40516d 3099->3101 3102 405302 3100->3102 3103 4052ef GetWindowRect 3100->3103 3104 405176 ShowWindow 3101->3104 3105 4051aa GetDlgItem SendMessageA 3101->3105 3107 40530b TrackPopupMenu 3102->3107 3103->3107 3108 405199 3104->3108 3109 40518c ShowWindow 3104->3109 3105->3097 3106 4051d1 SendMessageA SendMessageA 3105->3106 3106->3097 3107->3097 3110 405329 3107->3110 3117 403f4d SendMessageA 3108->3117 3109->3108 3111 405345 SendMessageA 3110->3111 3111->3111 3113 405362 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3111->3113 3114 405384 SendMessageA 3113->3114 3114->3114 3115 4053a5 GlobalUnlock SetClipboardData CloseClipboard 3114->3115 3115->3097 3116->3076 3117->3105 3118->3077 3120 403ef8 3119->3120 3121 403efe SendMessageA 3119->3121 3120->3121 3121->3079 3129 403f64 3122->3129 3124 404ff9 3128 405020 3124->3128 3132 401389 3124->3132 3125 403f64 SendMessageA 3126 405032 OleUninitialize 3125->3126 3128->3125 3130 403f7c 3129->3130 3131 403f6d SendMessageA 3129->3131 3130->3124 3131->3130 3134 401390 3132->3134 3133 4013fe 3133->3124 3134->3133 3135 4013cb MulDiv SendMessageA 3134->3135 3135->3134 3226 403a45 3227 403b98 3226->3227 3228 403a5d 3226->3228 3230 403be9 3227->3230 3231 403ba9 GetDlgItem GetDlgItem 3227->3231 3228->3227 3229 403a69 3228->3229 3233 403a74 SetWindowPos 3229->3233 3234 403a87 3229->3234 3232 403c43 3230->3232 3240 401389 2 API calls 3230->3240 3235 403f18 19 API calls 3231->3235 3236 403f64 SendMessageA 3232->3236 3285 403b93 3232->3285 3233->3234 3237 403aa4 3234->3237 3238 403a8c ShowWindow 3234->3238 3239 403bd3 KiUserCallbackDispatcher 3235->3239 3283 403c55 3236->3283 3241 403ac6 3237->3241 3242 403aac KiUserCallbackDispatcher 3237->3242 3238->3237 3294 40140b 3239->3294 3244 403c1b 3240->3244 3245 403acb SetWindowLongA 3241->3245 3246 403adc 3241->3246 3293 403ea1 3242->3293 3244->3232 3248 403c1f SendMessageA 3244->3248 3245->3285 3247 403ae8 GetDlgItem 3246->3247 3260 403b53 3246->3260 3251 403afb SendMessageA IsWindowEnabled 3247->3251 3254 403b18 3247->3254 3248->3285 3249 40140b 2 API calls 3249->3283 3250 403ea3 DestroyWindow KiUserCallbackDispatcher 3250->3293 3251->3254 3251->3285 3252 403f7f 8 API calls 3252->3285 3253 403ed2 ShowWindow 3253->3285 3256 403b25 3254->3256 3257 403b6c SendMessageA 3254->3257 3258 403b38 3254->3258 3266 403b1d 3254->3266 3255 405b88 18 API calls 3255->3283 3256->3257 3256->3266 3257->3260 3261 403b40 3258->3261 3262 403b55 3258->3262 3259 403ef1 SendMessageA 3259->3260 3260->3252 3265 40140b 2 API calls 3261->3265 3264 40140b 2 API calls 3262->3264 3263 403f18 19 API calls 3263->3283 3264->3266 3265->3266 3266->3259 3266->3260 3267 403f18 19 API calls 3268 403cd0 GetDlgItem 3267->3268 3269 403ce5 3268->3269 3270 403ced ShowWindow KiUserCallbackDispatcher 3268->3270 3269->3270 3297 403f3a KiUserCallbackDispatcher 3270->3297 3272 403d17 KiUserCallbackDispatcher 3275 403d2b 3272->3275 3273 403d30 GetSystemMenu EnableMenuItem SendMessageA 3274 403d60 SendMessageA 3273->3274 3273->3275 3274->3275 3275->3273 3298 403f4d SendMessageA 3275->3298 3299 405b66 lstrcpynA 3275->3299 3278 403d8e lstrlenA 3279 405b88 18 API calls 3278->3279 3280 403d9f SetWindowTextA 3279->3280 3281 401389 2 API calls 3280->3281 3281->3283 3282 403de3 DestroyWindow 3284 403dfd CreateDialogParamA 3282->3284 3282->3293 3283->3249 3283->3250 3283->3255 3283->3263 3283->3267 3283->3282 3283->3285 3286 403e30 3284->3286 3284->3293 3287 403f18 19 API calls 3286->3287 3288 403e3b GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3287->3288 3289 401389 2 API calls 3288->3289 3290 403e81 3289->3290 3290->3285 3291 403e89 ShowWindow 3290->3291 3292 403f64 SendMessageA 3291->3292 3292->3293 3293->3253 3293->3285 3295 401389 2 API calls 3294->3295 3296 401420 3295->3296 3296->3230 3297->3272 3298->3275 3299->3278 3832 401645 3833 4029f6 18 API calls 3832->3833 3834 40164c 3833->3834 3835 4029f6 18 API calls 3834->3835 3836 401655 3835->3836 3837 4029f6 18 API calls 3836->3837 3838 40165e MoveFileA 3837->3838 3839 401671 3838->3839 3840 40166a 3838->3840 3841 405e61 2 API calls 3839->3841 3844 402169 3839->3844 3842 401423 25 API calls 3840->3842 3843 401680 3841->3843 3842->3844 3843->3844 3845 4058b4 38 API calls 3843->3845 3845->3840 3846 401ec5 3847 4029f6 18 API calls 3846->3847 3848 401ecc GetFileVersionInfoSizeA 3847->3848 3849 401eef GlobalAlloc 3848->3849 3850 401f45 3848->3850 3849->3850 3851 401f03 GetFileVersionInfoA 3849->3851 3851->3850 3852 401f14 VerQueryValueA 3851->3852 3852->3850 3853 401f2d 3852->3853 3857 405ac4 wsprintfA 3853->3857 3855 401f39 3858 405ac4 wsprintfA 3855->3858 3857->3855 3858->3850 3330 4014ca 3331 404f04 25 API calls 3330->3331 3332 4014d1 3331->3332 3333 4025cc 3334 4025d3 3333->3334 3340 402838 3333->3340 3335 4029d9 18 API calls 3334->3335 3336 4025de 3335->3336 3337 4025e5 SetFilePointer 3336->3337 3338 4025f5 3337->3338 3337->3340 3341 405ac4 wsprintfA 3338->3341 3341->3340 3485 401f51 3486 401f63 3485->3486 3496 402012 3485->3496 3487 4029f6 18 API calls 3486->3487 3488 401f6a 3487->3488 3490 4029f6 18 API calls 3488->3490 3489 401423 25 API calls 3494 402169 3489->3494 3491 401f73 3490->3491 3492 401f88 LoadLibraryExA 3491->3492 3493 401f7b GetModuleHandleA 3491->3493 3495 401f98 GetProcAddress 3492->3495 3492->3496 3493->3492 3493->3495 3497 401fe5 3495->3497 3498 401fa8 3495->3498 3496->3489 3499 404f04 25 API calls 3497->3499 3500 401fb0 3498->3500 3501 401fc7 KiUserCallbackDispatcher 3498->3501 3502 401fb8 3499->3502 3503 401423 25 API calls 3500->3503 3501->3502 3502->3494 3504 402006 FreeLibrary 3502->3504 3503->3502 3504->3494 3866 404853 GetDlgItem GetDlgItem 3867 4048a7 7 API calls 3866->3867 3874 404ac4 3866->3874 3868 404940 SendMessageA 3867->3868 3869 40494d DeleteObject 3867->3869 3868->3869 3870 404958 3869->3870 3872 40498f 3870->3872 3873 405b88 18 API calls 3870->3873 3871 404bae 3876 404c5d 3871->3876 3881 404ab7 3871->3881 3886 404c07 SendMessageA 3871->3886 3875 403f18 19 API calls 3872->3875 3877 404971 SendMessageA SendMessageA 3873->3877 3874->3871 3900 404b38 3874->3900 3919 4047d3 SendMessageA 3874->3919 3880 4049a3 3875->3880 3878 404c72 3876->3878 3879 404c66 SendMessageA 3876->3879 3877->3870 3888 404c84 ImageList_Destroy 3878->3888 3889 404c8b 3878->3889 3895 404c9b 3878->3895 3879->3878 3885 403f18 19 API calls 3880->3885 3882 403f7f 8 API calls 3881->3882 3887 404e4d 3882->3887 3883 404ba0 SendMessageA 3883->3871 3901 4049b1 3885->3901 3886->3881 3891 404c1c SendMessageA 3886->3891 3888->3889 3893 404c94 GlobalFree 3889->3893 3889->3895 3890 404e01 3890->3881 3896 404e13 ShowWindow GetDlgItem ShowWindow 3890->3896 3892 404c2f 3891->3892 3904 404c40 SendMessageA 3892->3904 3893->3895 3894 404a85 GetWindowLongA SetWindowLongA 3897 404a9e 3894->3897 3895->3890 3903 40140b 2 API calls 3895->3903 3910 404ccd 3895->3910 3896->3881 3898 404aa4 ShowWindow 3897->3898 3899 404abc 3897->3899 3917 403f4d SendMessageA 3898->3917 3918 403f4d SendMessageA 3899->3918 3900->3871 3900->3883 3901->3894 3902 404a00 SendMessageA 3901->3902 3905 404a7f 3901->3905 3908 404a3c SendMessageA 3901->3908 3909 404a4d SendMessageA 3901->3909 3902->3901 3903->3910 3904->3876 3905->3894 3905->3897 3908->3901 3909->3901 3912 404d11 3910->3912 3913 404cfb SendMessageA 3910->3913 3911 404dd7 InvalidateRect 3911->3890 3914 404ded 3911->3914 3912->3911 3916 404d85 SendMessageA SendMessageA 3912->3916 3913->3912 3924 4046f1 3914->3924 3916->3912 3917->3881 3918->3874 3920 404832 SendMessageA 3919->3920 3921 4047f6 GetMessagePos ScreenToClient SendMessageA 3919->3921 3922 40482a 3920->3922 3921->3922 3923 40482f 3921->3923 3922->3900 3923->3920 3925 40470b 3924->3925 3926 405b88 18 API calls 3925->3926 3927 404740 3926->3927 3928 405b88 18 API calls 3927->3928 3929 40474b 3928->3929 3930 405b88 18 API calls 3929->3930 3931 40477c lstrlenA wsprintfA SetDlgItemTextA 3930->3931 3931->3890 3932 404e54 3933 404e62 3932->3933 3934 404e79 3932->3934 3935 404e68 3933->3935 3950 404ee2 3933->3950 3936 404e87 IsWindowVisible 3934->3936 3942 404e9e 3934->3942 3937 403f64 SendMessageA 3935->3937 3939 404e94 3936->3939 3936->3950 3940 404e72 3937->3940 3938 404ee8 CallWindowProcA 3938->3940 3941 4047d3 5 API calls 3939->3941 3941->3942 3942->3938 3951 405b66 lstrcpynA 3942->3951 3944 404ecd 3952 405ac4 wsprintfA 3944->3952 3946 404ed4 3947 40140b 2 API calls 3946->3947 3948 404edb 3947->3948 3953 405b66 lstrcpynA 3948->3953 3950->3938 3951->3944 3952->3946 3953->3950 3954 404356 3955 404394 3954->3955 3956 404387 3954->3956 3958 40439d GetDlgItem 3955->3958 3964 404400 3955->3964 4015 40540b GetDlgItemTextA 3956->4015 3960 4043b1 3958->3960 3959 40438e 3962 405dc8 5 API calls 3959->3962 3963 4043c5 SetWindowTextA 3960->3963 3967 4056ed 4 API calls 3960->3967 3961 4044e4 4012 404670 3961->4012 4017 40540b GetDlgItemTextA 3961->4017 3962->3955 3968 403f18 19 API calls 3963->3968 3964->3961 3969 405b88 18 API calls 3964->3969 3964->4012 3966 403f7f 8 API calls 3971 404684 3966->3971 3972 4043bb 3967->3972 3973 4043e3 3968->3973 3974 404476 SHBrowseForFolderA 3969->3974 3970 404510 3975 40573a 18 API calls 3970->3975 3972->3963 3981 405659 3 API calls 3972->3981 3976 403f18 19 API calls 3973->3976 3974->3961 3977 40448e CoTaskMemFree 3974->3977 3978 404516 3975->3978 3979 4043f1 3976->3979 3980 405659 3 API calls 3977->3980 4018 405b66 lstrcpynA 3978->4018 4016 403f4d SendMessageA 3979->4016 3983 40449b 3980->3983 3981->3963 3986 4044d2 SetDlgItemTextA 3983->3986 3990 405b88 18 API calls 3983->3990 3985 4043f9 3988 405e88 3 API calls 3985->3988 3986->3961 3987 40452d 3989 405e88 3 API calls 3987->3989 3988->3964 3997 404535 3989->3997 3991 4044ba lstrcmpiA 3990->3991 3991->3986 3994 4044cb lstrcatA 3991->3994 3992 40456f 4019 405b66 lstrcpynA 3992->4019 3994->3986 3995 404578 3996 4056ed 4 API calls 3995->3996 3998 40457e GetDiskFreeSpaceA 3996->3998 3997->3992 4001 4056a0 2 API calls 3997->4001 4002 4045c2 3997->4002 4000 4045a0 MulDiv 3998->4000 3998->4002 4000->4002 4001->3997 4003 4046f1 21 API calls 4002->4003 4013 40461f 4002->4013 4004 404611 4003->4004 4006 404621 SetDlgItemTextA 4004->4006 4007 404616 4004->4007 4005 40140b 2 API calls 4008 404642 4005->4008 4006->4013 4011 4046f1 21 API calls 4007->4011 4020 403f3a KiUserCallbackDispatcher 4008->4020 4010 40465e 4010->4012 4014 4042eb SendMessageA 4010->4014 4011->4013 4012->3966 4013->4005 4013->4008 4014->4012 4015->3959 4016->3985 4017->3970 4018->3987 4019->3995 4020->4010 4021 4014d6 4022 4029d9 18 API calls 4021->4022 4023 4014dc Sleep 4022->4023 4025 40288b 4023->4025 4031 4018d8 4032 40190f 4031->4032 4033 4029f6 18 API calls 4032->4033 4034 401914 4033->4034 4035 40548b 68 API calls 4034->4035 4036 40191d 4035->4036 4037 4018db 4038 4029f6 18 API calls 4037->4038 4039 4018e2 4038->4039 4040 405427 MessageBoxIndirectA 4039->4040 4041 4018eb 4040->4041 2926 404060 2927 404076 2926->2927 2934 404183 2926->2934 2955 403f18 2927->2955 2928 4041f2 2929 4042c6 2928->2929 2930 4041fc GetDlgItem 2928->2930 2964 403f7f 2929->2964 2932 404212 2930->2932 2933 404284 2930->2933 2932->2933 2941 404238 6 API calls 2932->2941 2933->2929 2942 404296 2933->2942 2934->2928 2934->2929 2936 4041c7 GetDlgItem SendMessageA 2934->2936 2935 4040cc 2938 403f18 19 API calls 2935->2938 2960 403f3a KiUserCallbackDispatcher 2936->2960 2940 4040d9 CheckDlgButton 2938->2940 2939 4042c1 2958 403f3a KiUserCallbackDispatcher 2940->2958 2941->2933 2945 40429c SendMessageA 2942->2945 2946 4042ad 2942->2946 2945->2946 2946->2939 2949 4042b3 SendMessageA 2946->2949 2947 4041ed 2961 4042eb 2947->2961 2948 4040f7 GetDlgItem 2959 403f4d SendMessageA 2948->2959 2949->2939 2952 40410d SendMessageA 2953 404134 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 2952->2953 2954 40412b GetSysColor 2952->2954 2953->2939 2954->2953 2978 405b88 2955->2978 2958->2948 2959->2952 2960->2947 2962 4042f9 2961->2962 2963 4042fe SendMessageA 2961->2963 2962->2963 2963->2928 2965 403f97 GetWindowLongA 2964->2965 2966 404020 2964->2966 2965->2966 2967 403fa8 2965->2967 2966->2939 2968 403fb7 GetSysColor 2967->2968 2969 403fba 2967->2969 2968->2969 2970 403fc0 SetTextColor 2969->2970 2971 403fca SetBkMode 2969->2971 2970->2971 2972 403fe2 GetSysColor 2971->2972 2973 403fe8 2971->2973 2972->2973 2974 403ff9 2973->2974 2975 403fef SetBkColor 2973->2975 2974->2966 2976 404013 CreateBrushIndirect 2974->2976 2977 40400c DeleteObject 2974->2977 2975->2974 2976->2966 2977->2976 2991 405b95 2978->2991 2979 405daf 2980 403f23 SetDlgItemTextA 2979->2980 3012 405b66 lstrcpynA 2979->3012 2980->2935 2982 405c2d GetVersion 2982->2991 2983 405d86 lstrlenA 2983->2991 2986 405b88 10 API calls 2986->2983 2987 405ca5 GetSystemDirectoryA 2987->2991 2989 405cb8 GetWindowsDirectoryA 2989->2991 2991->2979 2991->2982 2991->2983 2991->2986 2991->2987 2991->2989 2992 405cec SHGetSpecialFolderLocation 2991->2992 2993 405b88 10 API calls 2991->2993 2994 405d2f lstrcatA 2991->2994 2996 405a4d RegOpenKeyExA 2991->2996 3001 405dc8 2991->3001 3010 405ac4 wsprintfA 2991->3010 3011 405b66 lstrcpynA 2991->3011 2992->2991 2995 405d04 SHGetPathFromIDListA CoTaskMemFree 2992->2995 2993->2991 2994->2991 2995->2991 2997 405a80 RegQueryValueExA 2996->2997 2998 405abe 2996->2998 2999 405aa1 RegCloseKey 2997->2999 2998->2991 2999->2998 3007 405dd4 3001->3007 3002 405e3c 3003 405e40 CharPrevA 3002->3003 3005 405e5b 3002->3005 3003->3002 3004 405e31 CharNextA 3004->3002 3004->3007 3005->2991 3007->3002 3007->3004 3008 405e1f CharNextA 3007->3008 3009 405e2c CharNextA 3007->3009 3013 405684 3007->3013 3008->3007 3009->3004 3010->2991 3011->2991 3012->2980 3014 40568a 3013->3014 3015 40569d 3014->3015 3016 405690 CharNextA 3014->3016 3015->3007 3016->3014 4042 401ae5 4043 4029f6 18 API calls 4042->4043 4044 401aec 4043->4044 4045 4029d9 18 API calls 4044->4045 4046 401af5 wsprintfA 4045->4046 4047 40288b 4046->4047 3300 402866 SendMessageA 3301 402880 InvalidateRect 3300->3301 3302 40288b 3300->3302 3301->3302 4055 4019e6 4056 4029f6 18 API calls 4055->4056 4057 4019ef ExpandEnvironmentStringsA 4056->4057 4058 401a03 4057->4058 4060 401a16 4057->4060 4059 401a08 lstrcmpA 4058->4059 4058->4060 4059->4060 4061 402267 4062 4029f6 18 API calls 4061->4062 4063 402275 4062->4063 4064 4029f6 18 API calls 4063->4064 4065 40227e 4064->4065 4066 4029f6 18 API calls 4065->4066 4067 402288 GetPrivateProfileStringA 4066->4067 4075 401c6d 4076 4029d9 18 API calls 4075->4076 4077 401c73 IsWindow 4076->4077 4078 4019d6 4077->4078 4079 40366d 4080 403678 4079->4080 4081 40367c 4080->4081 4082 40367f GlobalAlloc 4080->4082 4082->4081 4090 4014f0 SetForegroundWindow 4091 40288b 4090->4091 4092 402172 4093 4029f6 18 API calls 4092->4093 4094 402178 4093->4094 4095 4029f6 18 API calls 4094->4095 4096 402181 4095->4096 4097 4029f6 18 API calls 4096->4097 4098 40218a 4097->4098 4099 405e61 2 API calls 4098->4099 4100 402193 4099->4100 4101 4021a4 lstrlenA lstrlenA 4100->4101 4105 402197 4100->4105 4103 404f04 25 API calls 4101->4103 4102 404f04 25 API calls 4106 40219f 4102->4106 4104 4021e0 SHFileOperationA 4103->4104 4104->4105 4104->4106 4105->4102 4105->4106 4107 4021f4 4108 4021fb 4107->4108 4110 40220e 4107->4110 4109 405b88 18 API calls 4108->4109 4111 402208 4109->4111 4112 405427 MessageBoxIndirectA 4111->4112 4112->4110 4113 4016fa 4114 4029f6 18 API calls 4113->4114 4115 401701 SearchPathA 4114->4115 4116 40171c 4115->4116 4117 4025fb 4118 402602 4117->4118 4119 40288b 4117->4119 4120 402608 FindClose 4118->4120 4120->4119 3580 40267c 3581 4029f6 18 API calls 3580->3581 3583 40268a 3581->3583 3582 4026a0 3584 40581e 2 API calls 3582->3584 3583->3582 3585 4029f6 18 API calls 3583->3585 3586 4026a6 3584->3586 3585->3582 3606 40583d GetFileAttributesA CreateFileA 3586->3606 3588 4026b3 3589 40275c 3588->3589 3590 4026bf GlobalAlloc 3588->3590 3593 402764 DeleteFileA 3589->3593 3594 402777 3589->3594 3591 402753 CloseHandle 3590->3591 3592 4026d8 3590->3592 3591->3589 3607 4031f1 SetFilePointer 3592->3607 3593->3594 3596 4026de 3597 4031bf ReadFile 3596->3597 3598 4026e7 GlobalAlloc 3597->3598 3599 4026f7 3598->3599 3600 40272b WriteFile GlobalFree 3598->3600 3602 402f18 48 API calls 3599->3602 3601 402f18 48 API calls 3600->3601 3603 402750 3601->3603 3605 402704 3602->3605 3603->3591 3604 402722 GlobalFree 3604->3600 3605->3604 3606->3588 3607->3596 4121 40277d 4122 4029d9 18 API calls 4121->4122 4123 402783 4122->4123 4124 4027a7 4123->4124 4125 4027be 4123->4125 4134 40265c 4123->4134 4128 4027bb 4124->4128 4131 4027ac 4124->4131 4126 4027d4 4125->4126 4127 4027c8 4125->4127 4130 405b88 18 API calls 4126->4130 4129 4029d9 18 API calls 4127->4129 4136 405ac4 wsprintfA 4128->4136 4129->4134 4130->4134 4135 405b66 lstrcpynA 4131->4135 4135->4134 4136->4134 4137 40647d 4141 405fb5 4137->4141 4138 406920 4139 406036 GlobalFree 4140 40603f GlobalAlloc 4139->4140 4140->4138 4140->4141 4141->4138 4141->4139 4141->4140 4141->4141 4142 4060b6 GlobalAlloc 4141->4142 4143 4060ad GlobalFree 4141->4143 4142->4138 4142->4141 4143->4142 4144 4014fe 4145 401506 4144->4145 4147 401519 4144->4147 4146 4029d9 18 API calls 4145->4146 4146->4147 4148 401000 4149 401037 BeginPaint GetClientRect 4148->4149 4150 40100c DefWindowProcA 4148->4150 4152 4010f3 4149->4152 4155 401179 4150->4155 4153 401073 CreateBrushIndirect FillRect DeleteObject 4152->4153 4154 4010fc 4152->4154 4153->4152 4156 401102 CreateFontIndirectA 4154->4156 4157 401167 EndPaint 4154->4157 4156->4157 4158 401112 6 API calls 4156->4158 4157->4155 4158->4157 3136 402303 3137 402309 3136->3137 3138 4029f6 18 API calls 3137->3138 3139 40231b 3138->3139 3140 4029f6 18 API calls 3139->3140 3141 402325 RegCreateKeyExA 3140->3141 3142 40288b 3141->3142 3143 40234f 3141->3143 3144 402367 3143->3144 3145 4029f6 18 API calls 3143->3145 3146 402373 3144->3146 3153 4029d9 3144->3153 3147 402360 lstrlenA 3145->3147 3149 40238e RegSetValueExA 3146->3149 3156 402f18 3146->3156 3147->3144 3151 4023a4 RegCloseKey 3149->3151 3151->3142 3154 405b88 18 API calls 3153->3154 3155 4029ed 3154->3155 3155->3146 3157 402f45 3156->3157 3158 402f29 SetFilePointer 3156->3158 3171 403043 GetTickCount 3157->3171 3158->3157 3161 402f56 ReadFile 3162 402f76 3161->3162 3167 403002 3161->3167 3163 403043 43 API calls 3162->3163 3162->3167 3164 402f8d 3163->3164 3165 403008 ReadFile 3164->3165 3164->3167 3168 402f9d 3164->3168 3165->3167 3167->3149 3168->3167 3169 402fb8 ReadFile 3168->3169 3170 402fd1 WriteFile 3168->3170 3169->3167 3169->3168 3170->3167 3170->3168 3172 403072 3171->3172 3173 4031ad 3171->3173 3184 4031f1 SetFilePointer 3172->3184 3174 402bd3 33 API calls 3173->3174 3180 402f4e 3174->3180 3176 40307d SetFilePointer 3182 4030a2 3176->3182 3180->3161 3180->3167 3181 403137 WriteFile 3181->3180 3181->3182 3182->3180 3182->3181 3183 40318e SetFilePointer 3182->3183 3185 4031bf ReadFile 3182->3185 3187 405f82 3182->3187 3194 402bd3 3182->3194 3183->3173 3184->3176 3186 4031e0 3185->3186 3186->3182 3188 405fa7 3187->3188 3189 405faf 3187->3189 3188->3182 3189->3188 3190 406036 GlobalFree 3189->3190 3191 40603f GlobalAlloc 3189->3191 3192 4060b6 GlobalAlloc 3189->3192 3193 4060ad GlobalFree 3189->3193 3190->3191 3191->3188 3191->3189 3192->3188 3192->3189 3193->3192 3195 402be1 3194->3195 3196 402bf9 3194->3196 3199 402bea DestroyWindow 3195->3199 3202 402bf1 3195->3202 3197 402c01 3196->3197 3198 402c09 GetTickCount 3196->3198 3209 405ec1 3197->3209 3201 402c17 3198->3201 3198->3202 3199->3202 3203 402c4c CreateDialogParamA ShowWindow 3201->3203 3204 402c1f 3201->3204 3202->3182 3203->3202 3204->3202 3213 402bb7 3204->3213 3206 402c2d wsprintfA 3207 404f04 25 API calls 3206->3207 3208 402c4a 3207->3208 3208->3202 3210 405ede PeekMessageA 3209->3210 3211 405ed4 DispatchMessageA 3210->3211 3212 405eee 3210->3212 3211->3210 3212->3202 3214 402bc6 3213->3214 3215 402bc8 MulDiv 3213->3215 3214->3215 3215->3206 4159 402803 4160 4029d9 18 API calls 4159->4160 4161 402809 4160->4161 4162 40283a 4161->4162 4164 40265c 4161->4164 4165 402817 4161->4165 4163 405b88 18 API calls 4162->4163 4162->4164 4163->4164 4165->4164 4167 405ac4 wsprintfA 4165->4167 4167->4164 3303 401b06 3304 401b13 3303->3304 3305 401b57 3303->3305 3306 4021fb 3304->3306 3313 401b2a 3304->3313 3307 401b80 GlobalAlloc 3305->3307 3308 401b5b 3305->3308 3310 405b88 18 API calls 3306->3310 3309 405b88 18 API calls 3307->3309 3311 401b9b 3308->3311 3324 405b66 lstrcpynA 3308->3324 3309->3311 3312 402208 3310->3312 3325 405427 3312->3325 3322 405b66 lstrcpynA 3313->3322 3315 401b6d GlobalFree 3315->3311 3318 401b39 3323 405b66 lstrcpynA 3318->3323 3320 401b48 3329 405b66 lstrcpynA 3320->3329 3322->3318 3323->3320 3324->3315 3328 40543c 3325->3328 3326 405488 3326->3311 3327 405450 MessageBoxIndirectA 3327->3326 3328->3326 3328->3327 3329->3311 4168 402506 4169 4029d9 18 API calls 4168->4169 4172 402510 4169->4172 4170 402586 4171 402544 ReadFile 4171->4170 4171->4172 4172->4170 4172->4171 4173 402588 4172->4173 4174 402598 4172->4174 4177 405ac4 wsprintfA 4173->4177 4174->4170 4176 4025ae SetFilePointer 4174->4176 4176->4170 4177->4170 4178 401c8a 4179 4029d9 18 API calls 4178->4179 4180 401c91 4179->4180 4181 4029d9 18 API calls 4180->4181 4182 401c99 GetDlgItem 4181->4182 4183 4024b8 4182->4183 4184 40468b 4185 4046b7 4184->4185 4186 40469b 4184->4186 4188 4046ea 4185->4188 4189 4046bd SHGetPathFromIDListA 4185->4189 4195 40540b GetDlgItemTextA 4186->4195 4191 4046d4 SendMessageA 4189->4191 4192 4046cd 4189->4192 4190 4046a8 SendMessageA 4190->4185 4191->4188 4194 40140b 2 API calls 4192->4194 4194->4191 4195->4190 3342 40190d 3343 40190f 3342->3343 3344 4029f6 18 API calls 3343->3344 3345 401914 3344->3345 3348 40548b 3345->3348 3389 40573a 3348->3389 3351 4054a8 DeleteFileA 3353 40191d 3351->3353 3352 4054bf 3354 4055f4 3352->3354 3403 405b66 lstrcpynA 3352->3403 3354->3353 3408 405e61 FindFirstFileA 3354->3408 3356 4054e9 3357 4054fa 3356->3357 3358 4054ed lstrcatA 3356->3358 3414 4056a0 lstrlenA 3357->3414 3360 405500 3358->3360 3362 40550e lstrcatA 3360->3362 3364 405519 lstrlenA FindFirstFileA 3360->3364 3362->3364 3364->3354 3374 40553d 3364->3374 3366 405684 CharNextA 3366->3374 3368 40581e 2 API calls 3369 405629 RemoveDirectoryA 3368->3369 3370 405634 3369->3370 3371 40564b 3369->3371 3370->3353 3376 40563a 3370->3376 3372 404f04 25 API calls 3371->3372 3372->3353 3373 4055d3 FindNextFileA 3373->3374 3377 4055eb FindClose 3373->3377 3374->3366 3374->3373 3382 40548b 59 API calls 3374->3382 3385 404f04 25 API calls 3374->3385 3388 4055b1 3374->3388 3404 405b66 lstrcpynA 3374->3404 3405 40581e GetFileAttributesA 3374->3405 3378 404f04 25 API calls 3376->3378 3377->3354 3379 405642 3378->3379 3380 4058b4 38 API calls 3379->3380 3383 405649 3380->3383 3382->3374 3383->3353 3385->3373 3386 404f04 25 API calls 3386->3388 3388->3373 3388->3386 3418 4058b4 3388->3418 3444 405b66 lstrcpynA 3389->3444 3391 40574b 3445 4056ed CharNextA CharNextA 3391->3445 3394 40549f 3394->3351 3394->3352 3395 405dc8 5 API calls 3401 405761 3395->3401 3396 40578c lstrlenA 3397 405797 3396->3397 3396->3401 3399 405659 3 API calls 3397->3399 3398 405e61 2 API calls 3398->3401 3400 40579c GetFileAttributesA 3399->3400 3400->3394 3401->3394 3401->3396 3401->3398 3402 4056a0 2 API calls 3401->3402 3402->3396 3403->3356 3404->3374 3406 4055a0 DeleteFileA 3405->3406 3407 40582d SetFileAttributesA 3405->3407 3406->3374 3407->3406 3409 405619 3408->3409 3410 405e77 FindClose 3408->3410 3409->3353 3411 405659 lstrlenA CharPrevA 3409->3411 3410->3409 3412 405673 lstrcatA 3411->3412 3413 405623 3411->3413 3412->3413 3413->3368 3415 4056ad 3414->3415 3416 4056b2 CharPrevA 3415->3416 3417 4056be 3415->3417 3416->3415 3416->3417 3417->3360 3451 405e88 GetModuleHandleA 3418->3451 3421 40591c GetShortPathNameA 3422 405931 3421->3422 3426 405a11 3421->3426 3425 405939 wsprintfA 3422->3425 3422->3426 3424 405900 CloseHandle GetShortPathNameA 3424->3426 3427 405914 3424->3427 3428 405b88 18 API calls 3425->3428 3426->3388 3427->3421 3427->3426 3429 405961 3428->3429 3456 40583d GetFileAttributesA CreateFileA 3429->3456 3431 40596e 3431->3426 3432 40597d GetFileSize GlobalAlloc 3431->3432 3433 405a0a CloseHandle 3432->3433 3434 40599b ReadFile 3432->3434 3433->3426 3434->3433 3435 4059af 3434->3435 3435->3433 3457 4057b2 lstrlenA 3435->3457 3438 4059c4 3462 405b66 lstrcpynA 3438->3462 3439 405a1e 3441 4057b2 4 API calls 3439->3441 3442 4059d2 3441->3442 3443 4059e5 SetFilePointer WriteFile GlobalFree 3442->3443 3443->3433 3444->3391 3446 405707 3445->3446 3450 405713 3445->3450 3447 40570e CharNextA 3446->3447 3446->3450 3448 405730 3447->3448 3448->3394 3448->3395 3449 405684 CharNextA 3449->3450 3450->3448 3450->3449 3452 405ea4 LoadLibraryA 3451->3452 3453 405eaf GetProcAddress 3451->3453 3452->3453 3454 4058bf 3452->3454 3453->3454 3454->3421 3454->3426 3455 40583d GetFileAttributesA CreateFileA 3454->3455 3455->3424 3456->3431 3458 4057e8 lstrlenA 3457->3458 3459 4057f2 3458->3459 3460 4057c6 lstrcmpiA 3458->3460 3459->3438 3459->3439 3460->3459 3461 4057df CharNextA 3460->3461 3461->3458 3462->3442 4196 40430f 4197 404345 4196->4197 4198 40431f 4196->4198 4199 403f7f 8 API calls 4197->4199 4200 403f18 19 API calls 4198->4200 4201 404351 4199->4201 4202 40432c SetDlgItemTextA 4200->4202 4202->4197 4203 401490 4204 404f04 25 API calls 4203->4204 4205 401497 4204->4205 3565 402615 3566 402618 3565->3566 3567 402630 3565->3567 3568 402625 FindNextFileA 3566->3568 3568->3567 3569 40266f 3568->3569 3571 405b66 lstrcpynA 3569->3571 3571->3567 3572 401d95 3573 4029d9 18 API calls 3572->3573 3574 401d9b 3573->3574 3575 4029d9 18 API calls 3574->3575 3576 401da4 3575->3576 3577 401db6 EnableWindow 3576->3577 3578 401dab ShowWindow 3576->3578 3579 40288b 3577->3579 3578->3579 4213 401595 4214 4029f6 18 API calls 4213->4214 4215 40159c SetFileAttributesA 4214->4215 4216 4015ae 4215->4216 4217 401e95 4218 4029f6 18 API calls 4217->4218 4219 401e9c 4218->4219 4220 405e61 2 API calls 4219->4220 4221 401ea2 4220->4221 4223 401eb4 4221->4223 4224 405ac4 wsprintfA 4221->4224 4224->4223 4225 401696 4226 4029f6 18 API calls 4225->4226 4227 40169c GetFullPathNameA 4226->4227 4228 4016b3 4227->4228 4229 4016d4 4227->4229 4228->4229 4232 405e61 2 API calls 4228->4232 4230 4016e8 GetShortPathNameA 4229->4230 4231 40288b 4229->4231 4230->4231 4233 4016c4 4232->4233 4233->4229 4235 405b66 lstrcpynA 4233->4235 4235->4229 4236 401d1b GetDC GetDeviceCaps 4237 4029d9 18 API calls 4236->4237 4238 401d37 MulDiv 4237->4238 4239 4029d9 18 API calls 4238->4239 4240 401d4c 4239->4240 4241 405b88 18 API calls 4240->4241 4242 401d85 CreateFontIndirectA 4241->4242 4243 4024b8 4242->4243 4244 401e1b 4245 4029f6 18 API calls 4244->4245 4246 401e21 4245->4246 4247 404f04 25 API calls 4246->4247 4248 401e2b 4247->4248 4249 4053c6 2 API calls 4248->4249 4253 401e31 4249->4253 4250 401e87 CloseHandle 4252 40265c 4250->4252 4251 401e50 WaitForSingleObject 4251->4253 4254 401e5e GetExitCodeProcess 4251->4254 4253->4250 4253->4251 4253->4252 4257 405ec1 2 API calls 4253->4257 4255 401e70 4254->4255 4256 401e79 4254->4256 4259 405ac4 wsprintfA 4255->4259 4256->4250 4257->4251 4259->4256 4260 40249c 4261 4029f6 18 API calls 4260->4261 4262 4024a3 4261->4262 4265 40583d GetFileAttributesA CreateFileA 4262->4265 4264 4024af 4265->4264 3017 402020 3035 4029f6 3017->3035 3020 4029f6 18 API calls 3021 402031 3020->3021 3022 4029f6 18 API calls 3021->3022 3023 40203a 3022->3023 3024 4029f6 18 API calls 3023->3024 3025 402044 3024->3025 3026 4029f6 18 API calls 3025->3026 3028 40204e 3026->3028 3027 402062 CoCreateInstance 3030 402081 3027->3030 3031 402137 3027->3031 3028->3027 3029 4029f6 18 API calls 3028->3029 3029->3027 3030->3031 3034 402116 MultiByteToWideChar 3030->3034 3033 402169 3031->3033 3041 401423 3031->3041 3034->3031 3036 402a02 3035->3036 3037 405b88 18 API calls 3036->3037 3038 402a23 3037->3038 3039 402027 3038->3039 3040 405dc8 5 API calls 3038->3040 3039->3020 3040->3039 3044 404f04 3041->3044 3045 401431 3044->3045 3046 404f1f 3044->3046 3045->3033 3047 404f3c lstrlenA 3046->3047 3048 405b88 18 API calls 3046->3048 3049 404f65 3047->3049 3050 404f4a lstrlenA 3047->3050 3048->3047 3052 404f78 3049->3052 3053 404f6b SetWindowTextA 3049->3053 3050->3045 3051 404f5c lstrcatA 3050->3051 3051->3049 3052->3045 3054 404f7e SendMessageA SendMessageA SendMessageA 3052->3054 3053->3052 3054->3045 3060 401721 3061 4029f6 18 API calls 3060->3061 3062 401728 3061->3062 3066 40586c 3062->3066 3064 40172f 3065 40586c 2 API calls 3064->3065 3065->3064 3067 405877 GetTickCount GetTempFileNameA 3066->3067 3068 4058a7 3067->3068 3069 4058a3 3067->3069 3068->3064 3069->3067 3069->3068 4266 401922 4267 4029f6 18 API calls 4266->4267 4268 401929 lstrlenA 4267->4268 4269 4024b8 4268->4269 3216 402223 3217 40222b 3216->3217 3219 402231 3216->3219 3218 4029f6 18 API calls 3217->3218 3218->3219 3220 4029f6 18 API calls 3219->3220 3223 402241 3219->3223 3220->3223 3221 4029f6 18 API calls 3224 40224f 3221->3224 3222 4029f6 18 API calls 3225 402258 WritePrivateProfileStringA 3222->3225 3223->3221 3223->3224 3224->3222 4277 401ca5 4278 4029d9 18 API calls 4277->4278 4279 401cb5 SetWindowLongA 4278->4279 4280 40288b 4279->4280 4281 401a26 4282 4029d9 18 API calls 4281->4282 4283 401a2c 4282->4283 4284 4029d9 18 API calls 4283->4284 4285 4019d6 4284->4285 4286 402427 4296 402b00 4286->4296 4288 402431 4289 4029d9 18 API calls 4288->4289 4290 40243a 4289->4290 4291 402451 RegEnumKeyA 4290->4291 4292 40245d RegEnumValueA 4290->4292 4294 40265c 4290->4294 4293 402476 RegCloseKey 4291->4293 4292->4293 4292->4294 4293->4294 4297 4029f6 18 API calls 4296->4297 4298 402b19 4297->4298 4299 402b27 RegOpenKeyExA 4298->4299 4299->4288 4300 4022a7 4301 4022d7 4300->4301 4302 4022ac 4300->4302 4303 4029f6 18 API calls 4301->4303 4304 402b00 19 API calls 4302->4304 4305 4022de 4303->4305 4306 4022b3 4304->4306 4311 402a36 RegOpenKeyExA 4305->4311 4307 4029f6 18 API calls 4306->4307 4310 4022f4 4306->4310 4308 4022c4 RegDeleteValueA RegCloseKey 4307->4308 4308->4310 4312 402aad 4311->4312 4315 402a61 4311->4315 4312->4310 4313 402a87 RegEnumKeyA 4314 402a99 RegCloseKey 4313->4314 4313->4315 4317 405e88 3 API calls 4314->4317 4315->4313 4315->4314 4316 402abe RegCloseKey 4315->4316 4318 402a36 3 API calls 4315->4318 4316->4312 4319 402aa9 4317->4319 4318->4315 4319->4312 4320 402ad9 RegDeleteKeyA 4319->4320 4320->4312 4321 40402c lstrcpynA lstrlenA 3463 401bad 3464 4029d9 18 API calls 3463->3464 3465 401bb4 3464->3465 3466 4029d9 18 API calls 3465->3466 3467 401bbe 3466->3467 3468 401bce 3467->3468 3469 4029f6 18 API calls 3467->3469 3470 401bde 3468->3470 3471 4029f6 18 API calls 3468->3471 3469->3468 3472 401be9 3470->3472 3473 401c2d 3470->3473 3471->3470 3474 4029d9 18 API calls 3472->3474 3475 4029f6 18 API calls 3473->3475 3477 401bee 3474->3477 3476 401c32 3475->3476 3478 4029f6 18 API calls 3476->3478 3479 4029d9 18 API calls 3477->3479 3480 401c3b FindWindowExA 3478->3480 3481 401bf7 3479->3481 3484 401c59 3480->3484 3482 401c1d SendMessageA 3481->3482 3483 401bff SendMessageTimeoutA 3481->3483 3482->3484 3483->3484 4322 4023af 4323 402b00 19 API calls 4322->4323 4324 4023b9 4323->4324 4325 4029f6 18 API calls 4324->4325 4326 4023c2 4325->4326 4327 4023cc RegQueryValueExA 4326->4327 4330 40265c 4326->4330 4328 4023f2 RegCloseKey 4327->4328 4329 4023ec 4327->4329 4328->4330 4329->4328 4333 405ac4 wsprintfA 4329->4333 4333->4328 4334 406131 4335 405fb5 4334->4335 4336 406920 4335->4336 4337 406036 GlobalFree 4335->4337 4338 40603f GlobalAlloc 4335->4338 4339 4060b6 GlobalAlloc 4335->4339 4340 4060ad GlobalFree 4335->4340 4337->4338 4338->4335 4338->4336 4339->4335 4339->4336 4340->4339 3505 4015b3 3506 4029f6 18 API calls 3505->3506 3507 4015ba 3506->3507 3508 4056ed 4 API calls 3507->3508 3520 4015c2 3508->3520 3509 40160a 3510 40162d 3509->3510 3511 40160f 3509->3511 3517 401423 25 API calls 3510->3517 3513 401423 25 API calls 3511->3513 3512 405684 CharNextA 3514 4015d0 CreateDirectoryA 3512->3514 3515 401616 3513->3515 3516 4015e5 GetLastError 3514->3516 3514->3520 3523 405b66 lstrcpynA 3515->3523 3519 4015f2 GetFileAttributesA 3516->3519 3516->3520 3522 402169 3517->3522 3519->3520 3520->3509 3520->3512 3521 401621 SetCurrentDirectoryA 3521->3522 3523->3521 3524 401734 3525 4029f6 18 API calls 3524->3525 3526 40173b 3525->3526 3527 401761 3526->3527 3528 401759 3526->3528 3564 405b66 lstrcpynA 3527->3564 3563 405b66 lstrcpynA 3528->3563 3531 40176c 3533 405659 3 API calls 3531->3533 3532 40175f 3535 405dc8 5 API calls 3532->3535 3534 401772 lstrcatA 3533->3534 3534->3532 3541 40177e 3535->3541 3536 405e61 2 API calls 3536->3541 3538 40581e 2 API calls 3538->3541 3539 401795 CompareFileTime 3539->3541 3540 401859 3542 404f04 25 API calls 3540->3542 3541->3536 3541->3538 3541->3539 3541->3540 3544 405b66 lstrcpynA 3541->3544 3550 405b88 18 API calls 3541->3550 3559 405427 MessageBoxIndirectA 3541->3559 3561 401830 3541->3561 3562 40583d GetFileAttributesA CreateFileA 3541->3562 3545 401863 3542->3545 3543 404f04 25 API calls 3549 401845 3543->3549 3544->3541 3546 402f18 48 API calls 3545->3546 3547 401876 3546->3547 3548 40188a SetFileTime 3547->3548 3551 40189c FindCloseChangeNotification 3547->3551 3548->3551 3550->3541 3551->3549 3552 4018ad 3551->3552 3553 4018b2 3552->3553 3554 4018c5 3552->3554 3555 405b88 18 API calls 3553->3555 3556 405b88 18 API calls 3554->3556 3557 4018ba lstrcatA 3555->3557 3558 4018cd 3556->3558 3557->3558 3560 405427 MessageBoxIndirectA 3558->3560 3559->3541 3560->3549 3561->3543 3561->3549 3562->3541 3563->3532 3564->3531 4341 401634 4342 4029f6 18 API calls 4341->4342 4343 40163a 4342->4343 4344 405e61 2 API calls 4343->4344 4345 401640 4344->4345 4346 401934 4347 4029d9 18 API calls 4346->4347 4348 40193b 4347->4348 4349 4029d9 18 API calls 4348->4349 4350 401945 4349->4350 4351 4029f6 18 API calls 4350->4351 4352 40194e 4351->4352 4353 401961 lstrlenA 4352->4353 4354 40199c 4352->4354 4355 40196b 4353->4355 4355->4354 4359 405b66 lstrcpynA 4355->4359 4357 401985 4357->4354 4358 401992 lstrlenA 4357->4358 4358->4354 4359->4357 4360 4019b5 4361 4029f6 18 API calls 4360->4361 4362 4019bc 4361->4362 4363 4029f6 18 API calls 4362->4363 4364 4019c5 4363->4364 4365 4019cc lstrcmpiA 4364->4365 4366 4019de lstrcmpA 4364->4366 4367 4019d2 4365->4367 4366->4367 4368 4014b7 4369 4014bd 4368->4369 4370 401389 2 API calls 4369->4370 4371 4014c5 4370->4371 4379 402b3b 4380 402b63 4379->4380 4381 402b4a SetTimer 4379->4381 4382 402bb1 4380->4382 4383 402bb7 MulDiv 4380->4383 4381->4380 4384 402b71 wsprintfA SetWindowTextA SetDlgItemTextA 4383->4384 4384->4382 3608 40323c #17 SetErrorMode OleInitialize 3609 405e88 3 API calls 3608->3609 3610 40327f SHGetFileInfoA 3609->3610 3678 405b66 lstrcpynA 3610->3678 3612 4032aa GetCommandLineA 3679 405b66 lstrcpynA 3612->3679 3614 4032bc GetModuleHandleA 3615 4032d3 3614->3615 3616 405684 CharNextA 3615->3616 3617 4032e7 CharNextA 3616->3617 3628 4032f4 3617->3628 3618 40335d 3619 403370 GetTempPathA 3618->3619 3680 403208 3619->3680 3621 403386 3622 4033aa DeleteFileA 3621->3622 3623 40338a GetWindowsDirectoryA lstrcatA 3621->3623 3688 402c72 GetTickCount GetModuleFileNameA 3622->3688 3625 403208 11 API calls 3623->3625 3624 405684 CharNextA 3624->3628 3627 4033a6 3625->3627 3627->3622 3631 403428 ExitProcess OleUninitialize 3627->3631 3628->3618 3628->3624 3629 40335f 3628->3629 3772 405b66 lstrcpynA 3629->3772 3630 4033bb 3630->3631 3633 403414 3630->3633 3638 405684 CharNextA 3630->3638 3634 403522 3631->3634 3635 40343d 3631->3635 3718 4036af 3633->3718 3636 4035a5 ExitProcess 3634->3636 3640 405e88 3 API calls 3634->3640 3639 405427 MessageBoxIndirectA 3635->3639 3643 4033d2 3638->3643 3644 40344b ExitProcess 3639->3644 3645 403531 3640->3645 3641 403424 3641->3631 3648 403453 lstrcatA lstrcmpiA 3643->3648 3649 4033ef 3643->3649 3646 405e88 3 API calls 3645->3646 3647 40353a 3646->3647 3650 405e88 3 API calls 3647->3650 3648->3631 3651 40346f CreateDirectoryA SetCurrentDirectoryA 3648->3651 3652 40573a 18 API calls 3649->3652 3654 403543 3650->3654 3655 403491 3651->3655 3656 403486 3651->3656 3653 4033fa 3652->3653 3653->3631 3773 405b66 lstrcpynA 3653->3773 3659 403591 ExitWindowsEx 3654->3659 3664 403551 GetCurrentProcess 3654->3664 3776 405b66 lstrcpynA 3655->3776 3775 405b66 lstrcpynA 3656->3775 3659->3636 3661 40359e 3659->3661 3663 40140b 2 API calls 3661->3663 3662 403409 3774 405b66 lstrcpynA 3662->3774 3663->3636 3667 403561 3664->3667 3666 405b88 18 API calls 3668 4034c1 DeleteFileA 3666->3668 3667->3659 3669 4034ce CopyFileA 3668->3669 3675 40349f 3668->3675 3669->3675 3670 403516 3671 4058b4 38 API calls 3670->3671 3673 40351d 3671->3673 3672 4058b4 38 API calls 3672->3675 3673->3631 3674 405b88 18 API calls 3674->3675 3675->3666 3675->3670 3675->3672 3675->3674 3677 403502 CloseHandle 3675->3677 3777 4053c6 CreateProcessA 3675->3777 3677->3675 3678->3612 3679->3614 3681 405dc8 5 API calls 3680->3681 3682 403214 3681->3682 3683 40321e 3682->3683 3684 405659 3 API calls 3682->3684 3683->3621 3685 403226 CreateDirectoryA 3684->3685 3686 40586c 2 API calls 3685->3686 3687 40323a 3686->3687 3687->3621 3780 40583d GetFileAttributesA CreateFileA 3688->3780 3690 402cb5 3717 402cc2 3690->3717 3781 405b66 lstrcpynA 3690->3781 3692 402cd8 3693 4056a0 2 API calls 3692->3693 3694 402cde 3693->3694 3782 405b66 lstrcpynA 3694->3782 3696 402ce9 GetFileSize 3697 402dea 3696->3697 3707 402d00 3696->3707 3698 402bd3 33 API calls 3697->3698 3700 402df1 3698->3700 3699 4031bf ReadFile 3699->3707 3702 402e2d GlobalAlloc 3700->3702 3700->3717 3783 4031f1 SetFilePointer 3700->3783 3701 402e85 3705 402bd3 33 API calls 3701->3705 3704 402e44 3702->3704 3710 40586c 2 API calls 3704->3710 3705->3717 3706 402e0e 3708 4031bf ReadFile 3706->3708 3707->3697 3707->3699 3707->3701 3709 402bd3 33 API calls 3707->3709 3707->3717 3711 402e19 3708->3711 3709->3707 3712 402e55 CreateFileA 3710->3712 3711->3702 3711->3717 3713 402e8f 3712->3713 3712->3717 3784 4031f1 SetFilePointer 3713->3784 3715 402e9d 3716 402f18 48 API calls 3715->3716 3716->3717 3717->3630 3719 405e88 3 API calls 3718->3719 3720 4036c3 3719->3720 3721 4036c9 3720->3721 3722 4036db 3720->3722 3794 405ac4 wsprintfA 3721->3794 3723 405a4d 3 API calls 3722->3723 3724 4036fc 3723->3724 3725 40371a lstrcatA 3724->3725 3727 405a4d 3 API calls 3724->3727 3728 4036d9 3725->3728 3727->3725 3785 403978 3728->3785 3731 40573a 18 API calls 3732 40374c 3731->3732 3733 4037d5 3732->3733 3735 405a4d 3 API calls 3732->3735 3734 40573a 18 API calls 3733->3734 3736 4037db 3734->3736 3737 403778 3735->3737 3738 4037eb LoadImageA 3736->3738 3739 405b88 18 API calls 3736->3739 3737->3733 3744 403794 lstrlenA 3737->3744 3745 405684 CharNextA 3737->3745 3740 403816 RegisterClassA 3738->3740 3741 40389f 3738->3741 3739->3738 3742 403852 SystemParametersInfoA CreateWindowExA 3740->3742 3769 4038a9 3740->3769 3743 40140b 2 API calls 3741->3743 3742->3741 3748 4038a5 3743->3748 3746 4037a2 lstrcmpiA 3744->3746 3747 4037c8 3744->3747 3749 403792 3745->3749 3746->3747 3750 4037b2 GetFileAttributesA 3746->3750 3751 405659 3 API calls 3747->3751 3753 403978 19 API calls 3748->3753 3748->3769 3749->3744 3752 4037be 3750->3752 3754 4037ce 3751->3754 3752->3747 3755 4056a0 2 API calls 3752->3755 3756 4038b6 3753->3756 3795 405b66 lstrcpynA 3754->3795 3755->3747 3758 4038c2 ShowWindow LoadLibraryA 3756->3758 3759 403945 3756->3759 3761 4038e1 LoadLibraryA 3758->3761 3762 4038e8 GetClassInfoA 3758->3762 3760 404fd6 5 API calls 3759->3760 3763 40394b 3760->3763 3761->3762 3764 403912 DialogBoxParamA 3762->3764 3765 4038fc GetClassInfoA RegisterClassA 3762->3765 3767 403967 3763->3767 3768 40394f 3763->3768 3766 40140b 2 API calls 3764->3766 3765->3764 3766->3769 3770 40140b 2 API calls 3767->3770 3768->3769 3771 40140b 2 API calls 3768->3771 3769->3641 3770->3769 3771->3769 3772->3619 3773->3662 3774->3633 3775->3655 3776->3675 3778 405401 3777->3778 3779 4053f5 CloseHandle 3777->3779 3778->3675 3779->3778 3780->3690 3781->3692 3782->3696 3783->3706 3784->3715 3786 40398c 3785->3786 3796 405ac4 wsprintfA 3786->3796 3788 4039fd 3789 405b88 18 API calls 3788->3789 3790 403a09 SetWindowTextA 3789->3790 3791 40372a 3790->3791 3792 403a25 3790->3792 3791->3731 3792->3791 3793 405b88 18 API calls 3792->3793 3793->3792 3794->3728 3795->3733 3796->3788 3797 4035bd 3798 4035d8 3797->3798 3799 4035ce CloseHandle 3797->3799 3800 4035e2 CloseHandle 3798->3800 3801 4035ec 3798->3801 3799->3798 3800->3801 3806 40361a 3801->3806 3804 40548b 68 API calls 3805 4035fd 3804->3805 3807 403628 3806->3807 3808 4035f1 3807->3808 3809 40362d FreeLibrary GlobalFree 3807->3809 3808->3804 3809->3808 3809->3809 3810 40263e 3811 4029f6 18 API calls 3810->3811 3812 402645 FindFirstFileA 3811->3812 3813 402668 3812->3813 3814 402658 3812->3814 3816 40266f 3813->3816 3818 405ac4 wsprintfA 3813->3818 3819 405b66 lstrcpynA 3816->3819 3818->3816 3819->3814 4386 4024be 4387 4024c3 4386->4387 4388 4024d4 4386->4388 4389 4029d9 18 API calls 4387->4389 4390 4029f6 18 API calls 4388->4390 4392 4024ca 4389->4392 4391 4024db lstrlenA 4390->4391 4391->4392 4393 4024fa WriteFile 4392->4393 4394 40265c 4392->4394 4393->4394

                                    Executed Functions

                                    Function 0040323C, Relevance: 73.8, APIs: 24, Strings: 18, Instructions: 270filestringcomCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 40323c-4032d1 #17 SetErrorMode OleInitialize call 405e88 SHGetFileInfoA call 405b66 GetCommandLineA call 405b66 GetModuleHandleA 7 4032d3-4032d8 0->7 8 4032dd-4032f2 call 405684 CharNextA 0->8 7->8 11 403357-40335b 8->11 12 4032f4-4032f7 11->12 13 40335d 11->13 14 4032f9-4032fd 12->14 15 4032ff-403307 12->15 16 403370-403388 GetTempPathA call 403208 13->16 14->14 14->15 17 403309-40330a 15->17 18 40330f-403312 15->18 23 4033aa-4033c1 DeleteFileA call 402c72 16->23 24 40338a-4033a8 GetWindowsDirectoryA lstrcatA call 403208 16->24 17->18 20 403314-403318 18->20 21 403347-403354 call 405684 18->21 26 403328-40332e 20->26 27 40331a-403323 20->27 21->11 38 403356 21->38 39 403428-403437 ExitProcess OleUninitialize 23->39 40 4033c3-4033c9 23->40 24->23 24->39 30 403330-403339 26->30 31 40333e-403345 26->31 27->26 28 403325 27->28 28->26 30->31 35 40333b 30->35 31->21 36 40335f-40336b call 405b66 31->36 35->31 36->16 38->11 44 403522-403528 39->44 45 40343d-40344d call 405427 ExitProcess 39->45 42 403418-40341f call 4036af 40->42 43 4033cb-4033d4 call 405684 40->43 52 403424 42->52 58 4033df-4033e1 43->58 46 4035a5-4035ad 44->46 47 40352a-403547 call 405e88 * 3 44->47 53 4035b3-4035b7 ExitProcess 46->53 54 4035af 46->54 76 403591-40359c ExitWindowsEx 47->76 77 403549-40354b 47->77 52->39 54->53 60 4033e3-4033ed 58->60 61 4033d6-4033dc 58->61 64 403453-40346d lstrcatA lstrcmpiA 60->64 65 4033ef-4033fc call 40573a 60->65 61->60 63 4033de 61->63 63->58 64->39 67 40346f-403484 CreateDirectoryA SetCurrentDirectoryA 64->67 65->39 74 4033fe-403414 call 405b66 * 2 65->74 71 403491-4034ab call 405b66 67->71 72 403486-40348c call 405b66 67->72 83 4034b0-4034cc call 405b88 DeleteFileA 71->83 72->71 74->42 76->46 80 40359e-4035a0 call 40140b 76->80 77->76 81 40354d-40354f 77->81 80->46 81->76 85 403551-403563 GetCurrentProcess 81->85 92 40350d-403514 83->92 93 4034ce-4034de CopyFileA 83->93 85->76 91 403565-403587 85->91 91->76 92->83 94 403516-40351d call 4058b4 92->94 93->92 95 4034e0-403500 call 4058b4 call 405b88 call 4053c6 93->95 94->39 95->92 105 403502-403509 CloseHandle 95->105 105->92
                                    C-Code - Quality: 81%
                                    			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v392;
				int _v396;
				int _v400;
				signed int _v404;
				CHAR* _v408;
				int _v412;
				struct _SECURITY_ATTRIBUTES* _v416;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				int _t50;
				signed int _t51;
				signed int _t54;
				int _t55;
				signed int _t59;
				intOrPtr _t70;
				intOrPtr _t76;
				void* _t78;
				void* _t88;
				void* _t90;
				char* _t95;
				signed int _t96;
				void* _t97;
				signed int _t98;
				signed int _t99;
				signed int _t102;
				CHAR* _t104;
				signed int _t105;
				intOrPtr _t112;
				char _t119;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t98 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66("CL-Eye Driver Setup", "NSIS Error");
				_t39 = GetCommandLineA();
				_t95 = "\"C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe\" -install";
				E00405B66(_t95, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t95;
				if("\"C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe\" -install" == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t90 =  *_t44;
					_t108 = _t90;
					if(_t90 == 0) {
						break;
					}
					__eflags = _t90 - 0x20;
					if(_t90 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t98 = _t98 | 0x00000002;
									__eflags = _t98;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t98 = _t98 | 0x00000004;
									__eflags = _t98;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								_t45 = _t44 + 2;
								__eflags = _t44 + 2;
								E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t45);
								L20:
								_t104 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t104);
								_t48 = E00403208(_t108);
								_t109 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t110, _t98); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										ExitProcess(); // executed
										__imp__OleUninitialize(); // executed
										if(_v404 == 0) {
											__eflags =  *0x423f34; // 0x0
											if(__eflags != 0) {
												_t105 = E00405E88(3);
												_t99 = E00405E88(4);
												_t54 = E00405E88(5);
												__eflags = _t105;
												_t96 = _t54;
												if(_t105 != 0) {
													__eflags = _t99;
													if(_t99 != 0) {
														__eflags = _t96;
														if(_t96 != 0) {
															_t59 =  *_t105(GetCurrentProcess(), 0x28,  &_v392);
															__eflags = _t59;
															if(_t59 != 0) {
																 *_t99(0, "SeShutdownPrivilege",  &_v396);
																_v412 = 1;
																_v400 = 2;
																 *_t96(_v416, 0,  &_v412, 0, 0, 0);
															}
														}
													}
												}
												_t55 = ExitWindowsEx(2, 0);
												__eflags = _t55;
												if(_t55 == 0) {
													E0040140B(9);
												}
											}
											_t51 =  *0x423f4c; // 0xffffffff
											__eflags = _t51 - 0xffffffff;
											if(_t51 != 0xffffffff) {
												_v396 = _t51;
											}
											ExitProcess(_v396);
										}
										E00405427(_v404, 0x200010);
										ExitProcess(2);
									}
									_t112 =  *0x423ebc; // 0x0
									if(_t112 == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t102 = E00405684(_t95, 0);
									while(_t102 >= _t95) {
										__eflags =  *_t102 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t102 = _t102 - 1;
										__eflags = _t102;
									}
									_t114 = _t102 - _t95;
									_v408 = "Error launching installer";
									if(_t102 < _t95) {
										lstrcatA(_t104, "~nsu.tmp");
										_t100 = "C:\\Users\\jones\\Desktop";
										if(lstrcmpiA(_t104, "C:\\Users\\jones\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t104, 0);
										SetCurrentDirectoryA(_t104);
										_t119 = "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver"; // 0x43
										if(_t119 == 0) {
											E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t100);
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t97 = 0x1a;
										do {
											_t70 =  *0x423eb0; // 0x4afae0
											E00405B88(0, _t97, 0x41f058, 0x41f058,  *((intOrPtr*)(_t70 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												_t76 =  *0x423eb0; // 0x4afae0
												E00405B88(0, _t97, 0x41f058, 0x41f058,  *((intOrPtr*)(_t76 + 0x124)));
												_t78 = E004053C6(0x41f058);
												if(_t78 != 0) {
													CloseHandle(_t78);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t97 = _t97 - 1;
										} while (_t97 != 0);
										_push(0);
										_push(_t104);
										E004058B4();
										goto L32;
									}
									 *_t102 = 0;
									_t103 = _t102 + 4;
									if(E0040573A(_t114, _t102 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t103);
									E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t103);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t104, 0x3fb);
								lstrcatA(_t104, "\\Temp");
								_t88 = E00403208(_t109);
								_t110 = _t88;
								if(_t88 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}









































                                    0x00403248
                                    0x0040324c
                                    0x00403254
                                    0x00403256
                                    0x0040325b
                                    0x00403266
                                    0x0040326d
                                    0x00403275
                                    0x0040327f
                                    0x00403295
                                    0x004032a5
                                    0x004032aa
                                    0x004032b0
                                    0x004032b7
                                    0x004032ca
                                    0x004032cf
                                    0x004032d1
                                    0x004032d3
                                    0x004032d8
                                    0x004032d8
                                    0x004032e8
                                    0x004032ee
                                    0x00403357
                                    0x00403357
                                    0x00403359
                                    0x0040335b
                                    0x00000000
                                    0x00000000
                                    0x004032f4
                                    0x004032f7
                                    0x004032ff
                                    0x004032ff
                                    0x00403302
                                    0x00403307
                                    0x00403309
                                    0x00403309
                                    0x0040330a
                                    0x0040330a
                                    0x0040330f
                                    0x00403312
                                    0x00403347
                                    0x0040334c
                                    0x00403351
                                    0x00403354
                                    0x00403356
                                    0x00403356
                                    0x00403356
                                    0x00000000
                                    0x00403314
                                    0x00403314
                                    0x00403315
                                    0x00403318
                                    0x00403320
                                    0x00403323
                                    0x00403325
                                    0x00403325
                                    0x00403325
                                    0x00403323
                                    0x00403328
                                    0x0040332e
                                    0x00403336
                                    0x00403339
                                    0x0040333b
                                    0x0040333b
                                    0x0040333b
                                    0x00403339
                                    0x0040333e
                                    0x00403345
                                    0x0040335f
                                    0x00403362
                                    0x00403362
                                    0x0040336b
                                    0x00403370
                                    0x00403370
                                    0x0040337b
                                    0x00403381
                                    0x00403386
                                    0x00403388
                                    0x004033aa
                                    0x004033af
                                    0x004033b6
                                    0x004033bd
                                    0x004033c1
                                    0x00403428
                                    0x00403428
                                    0x0040342d
                                    0x00403437
                                    0x00403522
                                    0x00403528
                                    0x00403533
                                    0x0040353c
                                    0x0040353e
                                    0x00403543
                                    0x00403545
                                    0x00403547
                                    0x00403549
                                    0x0040354b
                                    0x0040354d
                                    0x0040354f
                                    0x0040355f
                                    0x00403561
                                    0x00403563
                                    0x00403570
                                    0x0040357f
                                    0x00403587
                                    0x0040358f
                                    0x0040358f
                                    0x00403563
                                    0x0040354f
                                    0x0040354b
                                    0x00403594
                                    0x0040359a
                                    0x0040359c
                                    0x004035a0
                                    0x004035a0
                                    0x0040359c
                                    0x004035a5
                                    0x004035aa
                                    0x004035ad
                                    0x004035af
                                    0x004035af
                                    0x004035b7
                                    0x004035b7
                                    0x00403446
                                    0x0040344d
                                    0x0040344d
                                    0x004033c3
                                    0x004033c9
                                    0x00403418
                                    0x00403418
                                    0x00403424
                                    0x00000000
                                    0x00403424
                                    0x004033d2
                                    0x004033df
                                    0x004033d6
                                    0x004033dc
                                    0x00000000
                                    0x00000000
                                    0x004033de
                                    0x004033de
                                    0x004033de
                                    0x004033e3
                                    0x004033e5
                                    0x004033ed
                                    0x00403459
                                    0x0040345e
                                    0x0040346d
                                    0x00000000
                                    0x00000000
                                    0x00403471
                                    0x00403478
                                    0x0040347e
                                    0x00403484
                                    0x0040348c
                                    0x0040348c
                                    0x0040349a
                                    0x004034a1
                                    0x004034aa
                                    0x004034b0
                                    0x004034b0
                                    0x004034bc
                                    0x004034c2
                                    0x004034cc
                                    0x004034e0
                                    0x004034e1
                                    0x004034e2
                                    0x004034e7
                                    0x004034f3
                                    0x004034f9
                                    0x00403500
                                    0x00403503
                                    0x00403509
                                    0x00403509
                                    0x00403500
                                    0x0040350d
                                    0x00403513
                                    0x00403513
                                    0x00403516
                                    0x00403517
                                    0x00403518
                                    0x00000000
                                    0x00403518
                                    0x004033ef
                                    0x004033f1
                                    0x004033fc
                                    0x00000000
                                    0x00000000
                                    0x00403404
                                    0x0040340f
                                    0x00403414
                                    0x00000000
                                    0x00403414
                                    0x00403390
                                    0x0040339c
                                    0x004033a1
                                    0x004033a6
                                    0x004033a8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004033a8
                                    0x00000000
                                    0x00403345
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004032f9
                                    0x004032f9
                                    0x004032f9
                                    0x004032fa
                                    0x004032fa
                                    0x00000000
                                    0x004032f9
                                    0x00000000

                                    APIs
                                    • #17.COMCTL32 ref: 0040325B
                                    • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                    • OleInitialize.OLE32(00000000), ref: 0040326D
                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                      • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                    • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,CL-Eye Driver Setup,NSIS Error), ref: 00405B73
                                    • GetCommandLineA.KERNEL32(CL-Eye Driver Setup,NSIS Error), ref: 004032AA
                                    • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,00000000), ref: 004032BD
                                    • CharNextA.USER32(00000000,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,00000020), ref: 004032E8
                                    • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                    • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                    • ExitProcess.KERNEL32(00000000), ref: 00403428
                                    • OleUninitialize.OLE32(00000000), ref: 0040342D
                                    • ExitProcess.KERNEL32 ref: 0040344D
                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,00000000,00000000), ref: 00403459
                                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,00000000,00000000), ref: 00403465
                                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                    • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                    • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                    • CopyFileA.KERNEL32 ref: 004034D6
                                    • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                    • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                    • ExitProcess.KERNEL32 ref: 004035B7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ExitFileProcess$DirectoryHandle$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                    • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install$1033$C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe$CL-Eye Driver Setup$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                    • API String ID: 553446912-1445937497
                                    • Opcode ID: 95b2644de8016f8df3482d777034fb250a64d332808757e83748c09c41b177fd
                                    • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                    • Opcode Fuzzy Hash: 95b2644de8016f8df3482d777034fb250a64d332808757e83748c09c41b177fd
                                    • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405042, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 106 405042-40505d 107 405063-40512c GetDlgItem * 3 call 403f4d call 4047a6 GetClientRect GetSystemMetrics SendMessageA * 2 106->107 108 4051ee-4051f5 106->108 128 40514a-40514d 107->128 129 40512e-405148 SendMessageA * 2 107->129 110 4051f7-405219 GetDlgItem CreateThread FindCloseChangeNotification 108->110 111 40521f-40522c 108->111 110->111 113 40524a-405251 111->113 114 40522e-405234 111->114 118 405253-405259 113->118 119 4052a8-4052ac 113->119 116 405236-405245 ShowWindow * 2 call 403f4d 114->116 117 40526c-405275 call 403f7f 114->117 116->113 132 40527a-40527e 117->132 123 405281-405291 ShowWindow 118->123 124 40525b-405267 call 403ef1 118->124 119->117 121 4052ae-4052b1 119->121 121->117 130 4052b3-4052c6 SendMessageA 121->130 126 4052a1-4052a3 call 403ef1 123->126 127 405293-40529c call 404f04 123->127 124->117 126->119 127->126 135 40515d-405174 call 403f18 128->135 136 40514f-40515b SendMessageA 128->136 129->128 137 4052cc-4052ed CreatePopupMenu call 405b88 AppendMenuA 130->137 138 4053bf-4053c1 130->138 145 405176-40518a ShowWindow 135->145 146 4051aa-4051cb GetDlgItem SendMessageA 135->146 136->135 143 405302-405308 137->143 144 4052ef-405300 GetWindowRect 137->144 138->132 148 40530b-405323 TrackPopupMenu 143->148 144->148 149 405199 145->149 150 40518c-405197 ShowWindow 145->150 146->138 147 4051d1-4051e9 SendMessageA * 2 146->147 147->138 148->138 151 405329-405340 148->151 152 40519f-4051a5 call 403f4d 149->152 150->152 153 405345-405360 SendMessageA 151->153 152->146 153->153 155 405362-405382 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 153->155 156 405384-4053a3 SendMessageA 155->156 156->156 157 4053a5-4053b9 GlobalUnlock SetClipboardData CloseClipboard 156->157 157->138
                                    C-Code - Quality: 96%
                                    			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t112;
				void* _t120;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684; // 0x302de
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						_t120 = CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t120); // executed
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x4204a0;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42366c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423ea8, 8);
							__eflags =  *0x423f2c - _t149; // 0x0
							if(__eflags == 0) {
								_t112 =  *0x41fc70; // 0x4afc8c
								E00404F04( *((intOrPtr*)(_t112 + 0x34)), _t149); // executed
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0; // 0x4afae0
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149); // executed
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8); // executed
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}




































                                    0x0040504b
                                    0x00405051
                                    0x0040505a
                                    0x0040505d
                                    0x004051ee
                                    0x004051f5
                                    0x00405212
                                    0x00405219
                                    0x00405219
                                    0x0040521f
                                    0x0040522c
                                    0x0040524a
                                    0x0040524a
                                    0x00405251
                                    0x004052a8
                                    0x004052a8
                                    0x004052ac
                                    0x00000000
                                    0x00000000
                                    0x004052ae
                                    0x004052b1
                                    0x00000000
                                    0x00000000
                                    0x004052bb
                                    0x004052c1
                                    0x004052c3
                                    0x004052c6
                                    0x004053bf
                                    0x00000000
                                    0x004053bf
                                    0x004052d5
                                    0x004052e1
                                    0x004052e7
                                    0x004052ea
                                    0x004052ed
                                    0x00405302
                                    0x00405305
                                    0x00405305
                                    0x00405308
                                    0x004052ef
                                    0x004052f4
                                    0x004052fa
                                    0x004052fd
                                    0x004052fd
                                    0x00405318
                                    0x00405320
                                    0x00405321
                                    0x00405323
                                    0x0040532c
                                    0x0040532f
                                    0x00405336
                                    0x0040533d
                                    0x00405345
                                    0x00405345
                                    0x00405353
                                    0x00405359
                                    0x0040535c
                                    0x0040535c
                                    0x00405363
                                    0x00405369
                                    0x00405372
                                    0x00405379
                                    0x00405382
                                    0x00405384
                                    0x00405387
                                    0x00405396
                                    0x00405398
                                    0x0040539e
                                    0x0040539f
                                    0x004053a0
                                    0x004053a0
                                    0x004053a8
                                    0x004053b3
                                    0x004053b9
                                    0x004053b9
                                    0x00000000
                                    0x00405323
                                    0x00405253
                                    0x00405259
                                    0x00405289
                                    0x0040528b
                                    0x00405291
                                    0x00405293
                                    0x0040529c
                                    0x0040529c
                                    0x004052a3
                                    0x00000000
                                    0x004052a3
                                    0x0040525d
                                    0x00405267
                                    0x00000000
                                    0x0040522e
                                    0x0040522e
                                    0x00405234
                                    0x0040526c
                                    0x00000000
                                    0x00405275
                                    0x0040523d
                                    0x00405242
                                    0x00405245
                                    0x00000000
                                    0x00405245
                                    0x0040522c
                                    0x00405063
                                    0x00405067
                                    0x00405070
                                    0x00405077
                                    0x0040507a
                                    0x0040507d
                                    0x00405080
                                    0x00405081
                                    0x00405082
                                    0x0040509b
                                    0x0040509e
                                    0x004050a8
                                    0x004050b7
                                    0x004050bf
                                    0x004050c7
                                    0x004050cc
                                    0x004050cf
                                    0x004050db
                                    0x004050e4
                                    0x004050ed
                                    0x00405110
                                    0x00405116
                                    0x00405127
                                    0x0040512c
                                    0x0040513a
                                    0x00405148
                                    0x00405148
                                    0x0040514d
                                    0x0040515b
                                    0x0040515b
                                    0x00405160
                                    0x00405163
                                    0x00405168
                                    0x00405174
                                    0x0040517d
                                    0x0040518a
                                    0x00405199
                                    0x0040518c
                                    0x00405191
                                    0x00405191
                                    0x004051a5
                                    0x004051a5
                                    0x004051b9
                                    0x004051c2
                                    0x004051cb
                                    0x004051db
                                    0x004051e7
                                    0x004051e7
                                    0x00000000

                                    APIs
                                    • GetDlgItem.USER32 ref: 004050A1
                                    • GetDlgItem.USER32 ref: 004050B0
                                    • GetClientRect.USER32 ref: 004050ED
                                    • GetSystemMetrics.USER32 ref: 004050F5
                                    • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                    • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                    • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                    • ShowWindow.USER32(?,00000008), ref: 00405191
                                    • GetDlgItem.USER32 ref: 004051B2
                                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                    • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                    • GetDlgItem.USER32 ref: 004050BF
                                      • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                    • GetDlgItem.USER32 ref: 00405204
                                    • CreateThread.KERNELBASE(00000000,00000000,Function_00004FD6,00000000), ref: 00405212
                                    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00405219
                                    • ShowWindow.USER32(00000000), ref: 0040523D
                                    • ShowWindow.USER32(000302DE,00000008), ref: 00405242
                                    • ShowWindow.USER32(00000008), ref: 00405289
                                    • SendMessageA.USER32(000302DE,00001004,00000000,00000000), ref: 004052BB
                                    • CreatePopupMenu.USER32 ref: 004052CC
                                    • AppendMenuA.USER32 ref: 004052E1
                                    • GetWindowRect.USER32 ref: 004052F4
                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                    • OpenClipboard.USER32(00000000), ref: 00405363
                                    • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                    • GlobalLock.KERNEL32 ref: 0040537C
                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                    • SetClipboardData.USER32(00000001,00000000), ref: 004053B3
                                    • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 004053B9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                    • String ID: {
                                    • API String ID: 4154960007-366298937
                                    • Opcode ID: 9f7d9b876b202325161314a9acb1789d5168722e9282c21d8966e97d135edffc
                                    • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                    • Opcode Fuzzy Hash: 9f7d9b876b202325161314a9acb1789d5168722e9282c21d8966e97d135edffc
                                    • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405B88, Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 197stringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 443 405b88-405b93 444 405b95-405ba4 443->444 445 405ba6-405bc3 443->445 444->445 446 405da5-405da9 445->446 447 405bc9-405bd0 445->447 448 405bd5-405bdf 446->448 449 405daf-405db9 446->449 447->446 448->449 452 405be5-405bec 448->452 450 405dc4-405dc5 449->450 451 405dbb-405dbf call 405b66 449->451 451->450 453 405bf2-405c27 452->453 454 405d98 452->454 456 405d42-405d45 453->456 457 405c2d-405c38 GetVersion 453->457 458 405da2-405da4 454->458 459 405d9a-405da0 454->459 462 405d75-405d78 456->462 463 405d47-405d4a 456->463 460 405c52 457->460 461 405c3a-405c3e 457->461 458->446 459->446 467 405c59-405c60 460->467 461->460 464 405c40-405c44 461->464 468 405d86-405d96 lstrlenA 462->468 469 405d7a-405d81 call 405b88 462->469 465 405d5a-405d66 call 405b66 463->465 466 405d4c-405d58 call 405ac4 463->466 464->460 470 405c46-405c4a 464->470 480 405d6b-405d71 465->480 466->480 472 405c62-405c64 467->472 473 405c65-405c67 467->473 468->446 469->468 470->460 476 405c4c-405c50 470->476 472->473 478 405ca0-405ca3 473->478 479 405c69-405c84 call 405a4d 473->479 476->467 481 405cb3-405cb6 478->481 482 405ca5-405cb1 GetSystemDirectoryA 478->482 488 405c89-405c8c 479->488 480->468 484 405d73 480->484 486 405d20-405d22 481->486 487 405cb8-405cc6 GetWindowsDirectoryA 481->487 485 405d24-405d27 482->485 489 405d3a-405d40 call 405dc8 484->489 485->489 493 405d29-405d2d 485->493 486->485 491 405cc8-405cd2 486->491 487->486 492 405c92-405c9b call 405b88 488->492 488->493 489->468 495 405cd4-405cd7 491->495 496 405cec-405d02 SHGetSpecialFolderLocation 491->496 492->485 493->489 498 405d2f-405d35 lstrcatA 493->498 495->496 499 405cd9-405ce0 495->499 500 405d04-405d1b SHGetPathFromIDListA CoTaskMemFree 496->500 501 405d1d 496->501 498->489 503 405ce8-405cea 499->503 500->485 500->501 501->486 503->485 503->496
                                    C-Code - Quality: 74%
                                    			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42367c; // 0x4c4f3a
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423ed8; // 0x4b6d38
				_t74 = _t73 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4; // 0x73951340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86); // executed
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040); // executed
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}






























                                    0x00405b88
                                    0x00405b88
                                    0x00405b88
                                    0x00405b8e
                                    0x00405b93
                                    0x00405b95
                                    0x00405ba4
                                    0x00405ba4
                                    0x00405ba6
                                    0x00405baf
                                    0x00405bb1
                                    0x00405bb6
                                    0x00405bb9
                                    0x00405bba
                                    0x00405bc1
                                    0x00405bc3
                                    0x00405bc9
                                    0x00405bcc
                                    0x00405bcc
                                    0x00405da5
                                    0x00405da5
                                    0x00405da9
                                    0x00000000
                                    0x00000000
                                    0x00405bd9
                                    0x00405bdf
                                    0x00000000
                                    0x00000000
                                    0x00405be5
                                    0x00405be6
                                    0x00405be9
                                    0x00405bec
                                    0x00405d98
                                    0x00405da2
                                    0x00405da4
                                    0x00405da4
                                    0x00405d9a
                                    0x00405d9c
                                    0x00405d9e
                                    0x00405d9f
                                    0x00405d9f
                                    0x00000000
                                    0x00405d98
                                    0x00405bf2
                                    0x00405bf6
                                    0x00405c06
                                    0x00405c0a
                                    0x00405c11
                                    0x00405c14
                                    0x00405c18
                                    0x00405c1e
                                    0x00405c21
                                    0x00405c24
                                    0x00405c27
                                    0x00405d42
                                    0x00405d45
                                    0x00405d75
                                    0x00405d78
                                    0x00405d7d
                                    0x00405d81
                                    0x00405d81
                                    0x00405d86
                                    0x00405d87
                                    0x00405d8c
                                    0x00405d8f
                                    0x00405d91
                                    0x00000000
                                    0x00405d91
                                    0x00405d47
                                    0x00405d4a
                                    0x00405d5f
                                    0x00405d66
                                    0x00405d4c
                                    0x00405d53
                                    0x00405d53
                                    0x00405d6e
                                    0x00405d71
                                    0x00405d3a
                                    0x00405d3b
                                    0x00405d3b
                                    0x00000000
                                    0x00405d71
                                    0x00405c2f
                                    0x00405c30
                                    0x00405c36
                                    0x00405c38
                                    0x00405c52
                                    0x00405c52
                                    0x00405c59
                                    0x00405c59
                                    0x00405c60
                                    0x00405c64
                                    0x00405c64
                                    0x00405c65
                                    0x00405c67
                                    0x00405ca0
                                    0x00405ca3
                                    0x00405cb3
                                    0x00405cb6
                                    0x00405cbe
                                    0x00405cc4
                                    0x00405cc4
                                    0x00405d20
                                    0x00405d20
                                    0x00405d22
                                    0x00000000
                                    0x00000000
                                    0x00405cc8
                                    0x00405ccf
                                    0x00405cd0
                                    0x00405cd2
                                    0x00405cec
                                    0x00405cfa
                                    0x00405d00
                                    0x00405d02
                                    0x00405d1d
                                    0x00405d1d
                                    0x00405d1d
                                    0x00000000
                                    0x00405d1d
                                    0x00405d08
                                    0x00405d13
                                    0x00405d19
                                    0x00405d1b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405d1b
                                    0x00405cd4
                                    0x00405cd7
                                    0x00000000
                                    0x00000000
                                    0x00405ce6
                                    0x00405ce8
                                    0x00405cea
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405cea
                                    0x00000000
                                    0x00405d20
                                    0x00405cab
                                    0x00000000
                                    0x00405c69
                                    0x00405c6e
                                    0x00405c84
                                    0x00405c89
                                    0x00405c8c
                                    0x00405d29
                                    0x00405d29
                                    0x00405d2d
                                    0x00405d35
                                    0x00405d35
                                    0x00000000
                                    0x00405d2d
                                    0x00405c96
                                    0x00405d24
                                    0x00405d24
                                    0x00405d27
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405d27
                                    0x00405c67
                                    0x00405c3a
                                    0x00405c3e
                                    0x00000000
                                    0x00000000
                                    0x00405c40
                                    0x00405c44
                                    0x00000000
                                    0x00000000
                                    0x00405c46
                                    0x00405c4a
                                    0x00000000
                                    0x00405c4c
                                    0x00405c4c
                                    0x00000000
                                    0x00405c4c
                                    0x00405c4a
                                    0x00405daf
                                    0x00405db9
                                    0x00405dc5
                                    0x00405dc5
                                    0x00000000

                                    APIs
                                    • GetVersion.KERNEL32(00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00404F3C,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000), ref: 00405C30
                                    • GetSystemDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405CAB
                                    • GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405CBE
                                    • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                    • SHGetPathFromIDListA.SHELL32(00000000,Remove folder: ), ref: 00405D08
                                    • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                    • lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                    • lstrlenA.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00404F3C,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000), ref: 00405D87
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                    • String ID: 8mK$:OL$Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                    • API String ID: 900638850-1363310873
                                    • Opcode ID: 9f661340fe254e8532a48fa09532479d6b1db0db37beb981e71fc3962c80c576
                                    • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                    • Opcode Fuzzy Hash: 9f661340fe254e8532a48fa09532479d6b1db0db37beb981e71fc3962c80c576
                                    • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040548B, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 156filestringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 504 40548b-4054a6 call 40573a 507 4054a8-4054ba DeleteFileA 504->507 508 4054bf-4054c9 504->508 509 405653-405656 507->509 510 4054cb-4054cd 508->510 511 4054dd-4054eb call 405b66 508->511 512 4054d3-4054d7 510->512 513 4055fe-405604 510->513 519 4054fa-4054fb call 4056a0 511->519 520 4054ed-4054f8 lstrcatA 511->520 512->511 512->513 513->509 515 405606-405609 513->515 517 405613-40561b call 405e61 515->517 518 40560b-405611 515->518 517->509 528 40561d-405632 call 405659 call 40581e RemoveDirectoryA 517->528 518->509 522 405500-405503 519->522 520->522 524 405505-40550c 522->524 525 40550e-405514 lstrcatA 522->525 524->525 527 405519-405537 lstrlenA FindFirstFileA 524->527 525->527 529 4055f4-4055f8 527->529 530 40553d-405554 call 405684 527->530 543 405634-405638 528->543 544 40564b-40564e call 404f04 528->544 529->513 532 4055fa 529->532 537 405556-40555a 530->537 538 40555f-405562 530->538 532->513 537->538 540 40555c 537->540 541 405564-405569 538->541 542 405575-405583 call 405b66 538->542 540->538 546 4055d3-4055e5 FindNextFileA 541->546 547 40556b-40556d 541->547 555 405585-40558d 542->555 556 40559a-4055a9 call 40581e DeleteFileA 542->556 543->518 549 40563a-405649 call 404f04 call 4058b4 543->549 544->509 546->530 550 4055eb-4055ee FindClose 546->550 547->542 552 40556f-405573 547->552 549->509 550->529 552->542 552->546 555->546 557 40558f-405598 call 40548b 555->557 564 4055cb-4055ce call 404f04 556->564 565 4055ab-4055af 556->565 557->546 564->546 566 4055b1-4055c1 call 404f04 call 4058b4 565->566 567 4055c3-4055c9 565->567 566->546 567->546
                                    C-Code - Quality: 94%
                                    			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
						_t37 = FindFirstFileA(0x4214a8,  &_v332); // executed
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72); // executed
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                    0x00405496
                                    0x0040549a
                                    0x004054a3
                                    0x004054a6
                                    0x004054a9
                                    0x004054b1
                                    0x004054b3
                                    0x004054b4
                                    0x00000000
                                    0x004054b4
                                    0x004054c3
                                    0x004054c3
                                    0x004054c6
                                    0x004054c9
                                    0x004054dd
                                    0x004054e4
                                    0x004054e9
                                    0x004054eb
                                    0x004054fb
                                    0x004054ed
                                    0x004054f3
                                    0x004054f3
                                    0x00405500
                                    0x00405503
                                    0x0040550e
                                    0x00405514
                                    0x00405519
                                    0x00405529
                                    0x0040552b
                                    0x00405531
                                    0x00405534
                                    0x00405537
                                    0x004055f4
                                    0x004055f4
                                    0x004055f8
                                    0x004055fa
                                    0x004055fa
                                    0x004055fa
                                    0x004055fa
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040553d
                                    0x0040553d
                                    0x00405546
                                    0x0040554c
                                    0x00405551
                                    0x00405554
                                    0x00405556
                                    0x0040555a
                                    0x0040555c
                                    0x0040555c
                                    0x0040555a
                                    0x0040555f
                                    0x00405562
                                    0x00405575
                                    0x00405577
                                    0x0040557c
                                    0x00405583
                                    0x0040559b
                                    0x004055a1
                                    0x004055a7
                                    0x004055a9
                                    0x004055ce
                                    0x004055ab
                                    0x004055ab
                                    0x004055af
                                    0x004055c3
                                    0x004055b1
                                    0x004055b4
                                    0x004055b9
                                    0x004055bb
                                    0x004055bc
                                    0x004055bc
                                    0x004055af
                                    0x00405585
                                    0x0040558b
                                    0x0040558d
                                    0x00405593
                                    0x00405593
                                    0x0040558d
                                    0x00000000
                                    0x00405583
                                    0x00405564
                                    0x00405567
                                    0x00405569
                                    0x00000000
                                    0x00000000
                                    0x0040556b
                                    0x0040556d
                                    0x00000000
                                    0x00000000
                                    0x0040556f
                                    0x00405573
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004055d3
                                    0x004055dd
                                    0x004055e3
                                    0x004055e3
                                    0x004055ee
                                    0x00000000
                                    0x004055ee
                                    0x00405505
                                    0x0040550c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004054cb
                                    0x004054cb
                                    0x004054cd
                                    0x004055fe
                                    0x00405601
                                    0x00405604
                                    0x00405656
                                    0x00405656
                                    0x00405656
                                    0x00405606
                                    0x00405609
                                    0x00405614
                                    0x00405619
                                    0x0040561b
                                    0x00000000
                                    0x00000000
                                    0x0040561e
                                    0x00405624
                                    0x0040562a
                                    0x00405630
                                    0x00405632
                                    0x00000000
                                    0x0040564e
                                    0x00405634
                                    0x00405638
                                    0x00000000
                                    0x00000000
                                    0x0040563d
                                    0x00405642
                                    0x00405643
                                    0x00000000
                                    0x00405644
                                    0x0040560b
                                    0x0040560b
                                    0x00000000
                                    0x0040560b
                                    0x004054d3
                                    0x004054d7
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004054d7

                                    APIs
                                    • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 004054A9
                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nst827B.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nst827B.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 004054F3
                                    • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nst827B.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 00405514
                                    • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nst827B.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 0040551A
                                    • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nst827B.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nst827B.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 0040552B
                                    • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 004055DD
                                    • FindClose.KERNEL32(?), ref: 004055EE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nst827B.tmp\*.*$\*.*
                                    • API String ID: 2035342205-4037916684
                                    • Opcode ID: 0d5e4c23c8571cffb424adfe634a104f8b559ce694cc149621e7f7b2c072b745
                                    • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                    • Opcode Fuzzy Hash: 0d5e4c23c8571cffb424adfe634a104f8b559ce694cc149621e7f7b2c072b745
                                    • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402020, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134comCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 74%
                                    			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				short* _t99;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44); // executed
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t99 = L"C:\\Users\\Public\\Desktop\\CL-Eye Test.lnk";
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, _t99, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, _t99, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}






















                                    0x00402029
                                    0x00402033
                                    0x0040203c
                                    0x00402046
                                    0x0040204f
                                    0x00402059
                                    0x0040205d
                                    0x0040205d
                                    0x00402062
                                    0x00402073
                                    0x0040207b
                                    0x0040215b
                                    0x0040215b
                                    0x00402162
                                    0x00402081
                                    0x00402081
                                    0x00402092
                                    0x00402096
                                    0x0040209c
                                    0x004020a6
                                    0x004020a8
                                    0x004020b3
                                    0x004020b6
                                    0x004020c3
                                    0x004020c5
                                    0x004020c7
                                    0x004020ce
                                    0x004020d1
                                    0x004020d1
                                    0x004020d4
                                    0x004020de
                                    0x004020e6
                                    0x004020eb
                                    0x004020f7
                                    0x004020f7
                                    0x004020fa
                                    0x00402103
                                    0x00402106
                                    0x0040210f
                                    0x00402114
                                    0x00402116
                                    0x00402126
                                    0x00402135
                                    0x00402137
                                    0x00402143
                                    0x00402143
                                    0x00402135
                                    0x00402145
                                    0x0040214b
                                    0x0040214b
                                    0x0040214e
                                    0x00402154
                                    0x00402159
                                    0x0040216e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402159
                                    0x00402164
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,C:\Users\Public\Desktop\CL-Eye Test.lnk,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ByteCharCreateInstanceMultiWide
                                    • String ID: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Users\Public\Desktop\CL-Eye Test.lnk
                                    • API String ID: 123533781-1765080787
                                    • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                    • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                    • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                    • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                    0x00000000
                                    0x00406131
                                    0x00406131
                                    0x00406136
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x004067ee
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00000000
                                    0x00406810
                                    0x00406138
                                    0x00406138
                                    0x0040613c
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063c6
                                    0x004063c9
                                    0x0040636c
                                    0x00406372
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004063cb
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x00000000
                                    0x00406369
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x00406275
                                    0x00406278
                                    0x004061ef
                                    0x004061ef
                                    0x004061f5
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x00406302
                                    0x00406305
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a5
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x004064dc
                                    0x004064dc
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040627e
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x00000000
                                    0x004061ec
                                    0x00406278
                                    0x00406181
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x00000000
                                    0x0040679a
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00000000
                                    0x0040690d
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x00000000
                                    0x00406762
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                    • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                    • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                    • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405E61, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x4224f0;
			}




                                    0x00405e6c
                                    0x00405e75
                                    0x00000000
                                    0x00405e82
                                    0x00405e78
                                    0x00000000

                                    APIs
                                    • FindFirstFileA.KERNELBASE(?,004224F0,C:\,0040577D,C:\,C:\,00000000,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 00405E6C
                                    • FindClose.KERNEL32(00000000), ref: 00405E78
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Find$CloseFileFirst
                                    • String ID: C:\
                                    • API String ID: 2295610775-3404278061
                                    • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                    • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                    • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                    • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                    0x00405e90
                                    0x00405e93
                                    0x00405e9a
                                    0x00405ea2
                                    0x00405eaf
                                    0x00000000
                                    0x00405eb6
                                    0x00405ea5
                                    0x00405ead
                                    0x00000000
                                    0x00000000
                                    0x00405ebe

                                    APIs
                                    • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                    • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: AddressHandleLibraryLoadModuleProc
                                    • String ID:
                                    • API String ID: 310444273-0
                                    • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                    • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                    • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                    • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 41%
                                    			E0040263E(char __ebx, char* __edi, char* __esi) {
				void* _t6;
				void* _t19;

				_t6 = FindFirstFileA(E004029F6(2), _t19 - 0x1a4); // executed
				if(_t6 != 0xffffffff) {
					E00405AC4(__edi, _t6);
					_push(_t19 - 0x178);
					_push(__esi);
					E00405B66();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}





                                    0x0040264d
                                    0x00402656
                                    0x0040266a
                                    0x00402675
                                    0x00402676
                                    0x004027b1
                                    0x00402658
                                    0x00402658
                                    0x0040265a
                                    0x0040265c
                                    0x0040265c
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 0040264D
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileFindFirst
                                    • String ID:
                                    • API String ID: 1974802433-0
                                    • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                    • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                    • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                    • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403A45, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 158 403a45-403a57 159 403b98-403ba7 158->159 160 403a5d-403a63 158->160 162 403bf6-403c0b 159->162 163 403ba9-403be4 GetDlgItem * 2 call 403f18 KiUserCallbackDispatcher call 40140b 159->163 160->159 161 403a69-403a72 160->161 166 403a74-403a81 SetWindowPos 161->166 167 403a87-403a8a 161->167 164 403c4b-403c50 call 403f64 162->164 165 403c0d-403c10 162->165 186 403be9-403bf1 163->186 177 403c55-403c70 164->177 169 403c12-403c1d call 401389 165->169 170 403c43-403c45 165->170 166->167 172 403aa4-403aaa 167->172 173 403a8c-403a9e ShowWindow 167->173 169->170 191 403c1f-403c3e SendMessageA 169->191 170->164 176 403ee5 170->176 178 403ac6-403ac9 172->178 179 403aac-403ac1 KiUserCallbackDispatcher 172->179 173->172 184 403ee7-403eee 176->184 182 403c72-403c74 call 40140b 177->182 183 403c79-403c7f 177->183 187 403acb-403ad7 SetWindowLongA 178->187 188 403adc-403ae2 178->188 185 403ec2-403ec8 179->185 182->183 194 403ea3-403ebc DestroyWindow KiUserCallbackDispatcher 183->194 195 403c85-403c90 183->195 185->176 192 403eca-403ed0 185->192 186->162 187->184 189 403b85-403b93 call 403f7f 188->189 190 403ae8-403af9 GetDlgItem 188->190 189->184 196 403b18-403b1b 190->196 197 403afb-403b12 SendMessageA IsWindowEnabled 190->197 191->184 192->176 199 403ed2-403edb ShowWindow 192->199 194->185 195->194 200 403c96-403ce3 call 405b88 call 403f18 * 3 GetDlgItem 195->200 201 403b20-403b23 196->201 202 403b1d-403b1e 196->202 197->176 197->196 199->176 228 403ce5-403cea 200->228 229 403ced-403d29 ShowWindow KiUserCallbackDispatcher call 403f3a KiUserCallbackDispatcher 200->229 206 403b31-403b36 201->206 207 403b25-403b2b 201->207 205 403b4e-403b53 call 403ef1 202->205 205->189 210 403b6c-403b7f SendMessageA 206->210 212 403b38-403b3e 206->212 207->210 211 403b2d-403b2f 207->211 210->189 211->205 216 403b40-403b46 call 40140b 212->216 217 403b55-403b5e call 40140b 212->217 226 403b4c 216->226 217->189 225 403b60-403b6a 217->225 225->226 226->205 228->229 232 403d2b-403d2c 229->232 233 403d2e 229->233 234 403d30-403d5e GetSystemMenu EnableMenuItem SendMessageA 232->234 233->234 235 403d60-403d71 SendMessageA 234->235 236 403d73 234->236 237 403d79-403db2 call 403f4d call 405b66 lstrlenA call 405b88 SetWindowTextA call 401389 235->237 236->237 237->177 246 403db8-403dba 237->246 246->177 247 403dc0-403dc4 246->247 248 403de3-403df7 DestroyWindow 247->248 249 403dc6-403dcc 247->249 248->185 251 403dfd-403e2a CreateDialogParamA 248->251 249->176 250 403dd2-403dd8 249->250 250->177 252 403dde 250->252 251->185 253 403e30-403e87 call 403f18 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 251->253 252->176 253->176 258 403e89-403e9c ShowWindow call 403f64 253->258 260 403ea1 258->260 260->185
                                    C-Code - Quality: 84%
                                    			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t141;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688); // executed
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0x5
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0x5
							__eflags = _t39 -  *0x423ec4; // 0x5
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423ec4; // 0x5
							__eflags =  *0x4091c4 - _t44; // 0x5
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008); // executed
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100); // executed
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117); // executed
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, "CL-Eye Driver Setup");
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0); // executed
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678); // executed
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130); // executed
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423678, 8); // executed
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133; // 0x1
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678); // executed
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0x5
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678); // executed
						 *0x423678 = _a12;
						L58:
						_t141 =  *0x4214a0 - _t133; // 0x1
						if(_t141 == 0) {
							_t142 =  *0x423678 - _t133; // 0x40494
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa); // executed
								 *0x4214a0 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}

































                                    0x00403a4e
                                    0x00403a57
                                    0x00403b98
                                    0x00403b9c
                                    0x00403ba0
                                    0x00403ba2
                                    0x00403ba7
                                    0x00403bb2
                                    0x00403bbd
                                    0x00403bc2
                                    0x00403bc4
                                    0x00403bc6
                                    0x00403bc9
                                    0x00403bce
                                    0x00403bdc
                                    0x00403be9
                                    0x00403bf0
                                    0x00403bf0
                                    0x00403bf1
                                    0x00403bf1
                                    0x00403bf6
                                    0x00403bfc
                                    0x00403c03
                                    0x00403c09
                                    0x00403c0b
                                    0x00403c4b
                                    0x00403c50
                                    0x00403c55
                                    0x00403c55
                                    0x00403c5a
                                    0x00403c63
                                    0x00403c65
                                    0x00403c6a
                                    0x00403c70
                                    0x00403c74
                                    0x00403c74
                                    0x00403c79
                                    0x00403c7f
                                    0x00000000
                                    0x00000000
                                    0x00403c85
                                    0x00403c8a
                                    0x00403c90
                                    0x00000000
                                    0x00000000
                                    0x00403c99
                                    0x00403ca1
                                    0x00403ca6
                                    0x00403ca9
                                    0x00403caf
                                    0x00403cb4
                                    0x00403cb7
                                    0x00403cbd
                                    0x00403cc2
                                    0x00403cc5
                                    0x00403ccb
                                    0x00403cd3
                                    0x00403cd9
                                    0x00403cdf
                                    0x00403ce3
                                    0x00403cea
                                    0x00403cea
                                    0x00403cea
                                    0x00403cf4
                                    0x00403d06
                                    0x00403d12
                                    0x00403d17
                                    0x00403d21
                                    0x00403d27
                                    0x00403d29
                                    0x00403d2e
                                    0x00403d2b
                                    0x00403d2b
                                    0x00403d2b
                                    0x00403d3e
                                    0x00403d56
                                    0x00403d58
                                    0x00403d5e
                                    0x00403d73
                                    0x00403d60
                                    0x00403d69
                                    0x00403d6b
                                    0x00403d6b
                                    0x00403d79
                                    0x00403d89
                                    0x00403d9a
                                    0x00403da1
                                    0x00403da7
                                    0x00403dab
                                    0x00403db0
                                    0x00403db2
                                    0x00000000
                                    0x00403db8
                                    0x00403db8
                                    0x00403dba
                                    0x00000000
                                    0x00000000
                                    0x00403dc0
                                    0x00403dc4
                                    0x00403de9
                                    0x00403def
                                    0x00403df5
                                    0x00403df7
                                    0x00000000
                                    0x00000000
                                    0x00403e1d
                                    0x00403e23
                                    0x00403e25
                                    0x00403e2a
                                    0x00000000
                                    0x00000000
                                    0x00403e30
                                    0x00403e33
                                    0x00403e36
                                    0x00403e4d
                                    0x00403e59
                                    0x00403e72
                                    0x00403e78
                                    0x00403e7c
                                    0x00403e81
                                    0x00403e87
                                    0x00000000
                                    0x00000000
                                    0x00403e91
                                    0x00403e9c
                                    0x00000000
                                    0x00403e9c
                                    0x00403dc6
                                    0x00403dcc
                                    0x00000000
                                    0x00000000
                                    0x00403dd2
                                    0x00403dd8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403dde
                                    0x00403db2
                                    0x00403ea9
                                    0x00403eb5
                                    0x00403ebc
                                    0x00000000
                                    0x00403c0d
                                    0x00403c0d
                                    0x00403c10
                                    0x00403c43
                                    0x00403c43
                                    0x00403c45
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403c45
                                    0x00403c12
                                    0x00403c16
                                    0x00403c1b
                                    0x00403c1d
                                    0x00000000
                                    0x00000000
                                    0x00403c2d
                                    0x00403c35
                                    0x00000000
                                    0x00403c3b
                                    0x00403a69
                                    0x00403a69
                                    0x00403a6d
                                    0x00403a72
                                    0x00403a81
                                    0x00403a81
                                    0x00403a8a
                                    0x00403a93
                                    0x00403a9e
                                    0x00403a9e
                                    0x00403aaa
                                    0x00403ac6
                                    0x00403ac9
                                    0x00403adc
                                    0x00403ae2
                                    0x00403b85
                                    0x00000000
                                    0x00403b8e
                                    0x00403ae8
                                    0x00403af5
                                    0x00403af7
                                    0x00403af9
                                    0x00403b18
                                    0x00403b18
                                    0x00403b1b
                                    0x00403b20
                                    0x00403b23
                                    0x00403b33
                                    0x00403b34
                                    0x00403b36
                                    0x00403b6c
                                    0x00403b7f
                                    0x00000000
                                    0x00403b7f
                                    0x00403b38
                                    0x00403b3e
                                    0x00403b57
                                    0x00403b5c
                                    0x00403b5e
                                    0x00000000
                                    0x00000000
                                    0x00403b60
                                    0x00403b4c
                                    0x00403b4c
                                    0x00403b4e
                                    0x00403b4e
                                    0x00000000
                                    0x00403b4e
                                    0x00403b41
                                    0x00403b46
                                    0x00000000
                                    0x00403b46
                                    0x00403b25
                                    0x00403b2b
                                    0x00000000
                                    0x00000000
                                    0x00403b2d
                                    0x00000000
                                    0x00403b2d
                                    0x00403b1d
                                    0x00000000
                                    0x00403b1d
                                    0x00403b03
                                    0x00403b0a
                                    0x00403b10
                                    0x00403b12
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403b12
                                    0x00403ace
                                    0x00000000
                                    0x00403aac
                                    0x00403ab2
                                    0x00403abc
                                    0x00403ec2
                                    0x00403ec2
                                    0x00403ec8
                                    0x00403eca
                                    0x00403ed0
                                    0x00403ed5
                                    0x00403edb
                                    0x00403edb
                                    0x00403ed0
                                    0x00403ee5
                                    0x00000000
                                    0x00403ee5
                                    0x00403aaa

                                    APIs
                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                    • ShowWindow.USER32(?), ref: 00403A9E
                                    • KiUserCallbackDispatcher.NTDLL ref: 00403AB2
                                    • SetWindowLongA.USER32 ref: 00403ACE
                                    • GetDlgItem.USER32 ref: 00403AEF
                                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                    • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                    • GetDlgItem.USER32 ref: 00403BB8
                                    • GetDlgItem.USER32 ref: 00403BC2
                                    • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                    • GetDlgItem.USER32 ref: 00403CD3
                                    • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D06
                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D21
                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                    • EnableMenuItem.USER32 ref: 00403D3E
                                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                    • lstrlenA.KERNEL32(004204A0,?,004204A0,CL-Eye Driver Setup), ref: 00403D92
                                    • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                    • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Window$Item$CallbackDispatcherMessageSendUser$Show$Menu$EnableEnabledLongSystemTextlstrlen
                                    • String ID: CL-Eye Driver Setup
                                    • API String ID: 3696009075-3438829928
                                    • Opcode ID: 5a851e1acd7e9b2c041f37148ddca57ebdb4acb3e701dc7f2e55be9cac4cc860
                                    • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                    • Opcode Fuzzy Hash: 5a851e1acd7e9b2c041f37148ddca57ebdb4acb3e701dc7f2e55be9cac4cc860
                                    • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004036AF, Relevance: 52.7, APIs: 15, Strings: 15, Instructions: 216stringregistrylibraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 261 4036af-4036c7 call 405e88 264 4036c9-4036d9 call 405ac4 261->264 265 4036db-403702 call 405a4d 261->265 273 403725-40374e call 403978 call 40573a 264->273 269 403704-403715 call 405a4d 265->269 270 40371a-403720 lstrcatA 265->270 269->270 270->273 279 403754-403759 273->279 280 4037d5-4037dd call 40573a 273->280 279->280 281 40375b-403773 call 405a4d 279->281 286 4037eb-403810 LoadImageA 280->286 287 4037df-4037e6 call 405b88 280->287 285 403778-40377f 281->285 285->280 291 403781-403783 285->291 289 403816-40384c RegisterClassA 286->289 290 40389f-4038a7 call 40140b 286->290 287->286 292 403852-40389a SystemParametersInfoA CreateWindowExA 289->292 293 40396e 289->293 304 4038b1-4038bc call 403978 290->304 305 4038a9-4038ac 290->305 295 403794-4037a0 lstrlenA 291->295 296 403785-403792 call 405684 291->296 292->290 301 403970-403977 293->301 298 4037a2-4037b0 lstrcmpiA 295->298 299 4037c8-4037d0 call 405659 call 405b66 295->299 296->295 298->299 303 4037b2-4037bc GetFileAttributesA 298->303 299->280 307 4037c2-4037c3 call 4056a0 303->307 308 4037be-4037c0 303->308 314 4038c2-4038df ShowWindow LoadLibraryA 304->314 315 403945-403946 call 404fd6 304->315 305->301 307->299 308->299 308->307 317 4038e1-4038e6 LoadLibraryA 314->317 318 4038e8-4038fa GetClassInfoA 314->318 319 40394b-40394d 315->319 317->318 320 403912-403935 DialogBoxParamA call 40140b 318->320 321 4038fc-40390c GetClassInfoA RegisterClassA 318->321 323 403967-403969 call 40140b 319->323 324 40394f-403955 319->324 325 40393a-403943 call 4035ff 320->325 321->320 323->293 324->305 326 40395b-403962 call 40140b 324->326 325->301 326->305
                                    C-Code - Quality: 96%
                                    			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0; // 0x4afae0
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t24 =  *0x423eb8; // 0x81
				_t85 = "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver";
				 *0x423f20 = _t24 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118))); // executed
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40; // 0x0
							if(__eflags != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5); // executed
							_t37 = LoadLibraryA("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t39 =  *0x423680; // 0x0
							_t42 = DialogBoxParamA( *0x423ea0, _t39 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0); // executed
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0; // 0x400000
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 = _t76;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423ed8; // 0x4b6d38
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x52
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                    0x004036b5
                                    0x004036be
                                    0x004036c5
                                    0x004036c7
                                    0x004036db
                                    0x004036ed
                                    0x004036f7
                                    0x004036fc
                                    0x00403702
                                    0x00403715
                                    0x00403715
                                    0x00403720
                                    0x004036c9
                                    0x004036d4
                                    0x004036d4
                                    0x00403725
                                    0x0040372a
                                    0x0040372f
                                    0x00403738
                                    0x0040373d
                                    0x0040374e
                                    0x004037d5
                                    0x004037dd
                                    0x004037e6
                                    0x004037e6
                                    0x004037fc
                                    0x00403802
                                    0x00403810
                                    0x0040389f
                                    0x004038a7
                                    0x004038b1
                                    0x004038b6
                                    0x004038bc
                                    0x00403946
                                    0x0040394b
                                    0x0040394d
                                    0x00403969
                                    0x00000000
                                    0x00403969
                                    0x0040394f
                                    0x00403955
                                    0x0040395d
                                    0x0040395d
                                    0x00000000
                                    0x00403955
                                    0x004038ca
                                    0x004038db
                                    0x004038dd
                                    0x004038df
                                    0x004038e6
                                    0x004038e6
                                    0x004038ee
                                    0x004038f6
                                    0x004038f8
                                    0x004038fa
                                    0x00403903
                                    0x00403906
                                    0x0040390c
                                    0x0040390c
                                    0x00403912
                                    0x0040392b
                                    0x0040393c
                                    0x00000000
                                    0x00403941
                                    0x004038a9
                                    0x004038ab
                                    0x00000000
                                    0x00403816
                                    0x00403816
                                    0x0040381c
                                    0x00403826
                                    0x0040382e
                                    0x00403838
                                    0x0040383e
                                    0x0040384c
                                    0x0040396e
                                    0x0040396e
                                    0x00000000
                                    0x0040396e
                                    0x00403852
                                    0x0040385b
                                    0x0040389a
                                    0x00000000
                                    0x0040389a
                                    0x00403754
                                    0x00403754
                                    0x00403759
                                    0x00000000
                                    0x00000000
                                    0x0040375e
                                    0x00403763
                                    0x00403773
                                    0x00403778
                                    0x0040377f
                                    0x00000000
                                    0x00000000
                                    0x00403783
                                    0x00403785
                                    0x00403792
                                    0x00403792
                                    0x0040379a
                                    0x004037a0
                                    0x004037c8
                                    0x004037d0
                                    0x00000000
                                    0x004037b2
                                    0x004037b3
                                    0x004037bc
                                    0x004037c2
                                    0x004037c3
                                    0x00000000
                                    0x004037c3
                                    0x004037be
                                    0x004037c0
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004037c0
                                    0x004037a0

                                    APIs
                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                      • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                    • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                    • lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install), ref: 00403795
                                    • lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                    • GetFileAttributesA.KERNEL32(Remove folder: ), ref: 004037B3
                                    • LoadImageA.USER32 ref: 004037FC
                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                    • RegisterClassA.USER32 ref: 00403843
                                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                    • CreateWindowExA.USER32 ref: 00403894
                                    • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                    • LoadLibraryA.KERNELBASE(RichEd20), ref: 004038DB
                                    • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                    • GetClassInfoA.USER32 ref: 004038F6
                                    • GetClassInfoA.USER32 ref: 00403903
                                    • RegisterClassA.USER32 ref: 0040390C
                                    • DialogBoxParamA.USER32 ref: 0040392B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install$.DEFAULT\Control Panel\International$.exe$1033$8mK$@6B$C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                    • API String ID: 914957316-1609011202
                                    • Opcode ID: dc3df647b14f5edb08e6c188d40f6c0d49eeeb874b61cd36a31c0d602ee76b1b
                                    • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                    • Opcode Fuzzy Hash: dc3df647b14f5edb08e6c188d40f6c0d49eeeb874b61cd36a31c0d602ee76b1b
                                    • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404060, Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 204windowstringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 332 404060-404070 333 404183-404196 332->333 334 404076-40407e 332->334 335 4041f2-4041f6 333->335 336 404198-4041a1 333->336 337 404080-40408f 334->337 338 404091-404129 call 403f18 * 2 CheckDlgButton call 403f3a GetDlgItem call 403f4d SendMessageA 334->338 339 4042c6-4042cd 335->339 340 4041fc-404210 GetDlgItem 335->340 341 4042d5 336->341 342 4041a7-4041af 336->342 337->338 370 404134-40417e SendMessageA * 2 lstrlenA SendMessageA * 2 338->370 371 40412b-40412e GetSysColor 338->371 339->341 347 4042cf 339->347 344 404212-404219 340->344 345 404284-40428b 340->345 348 4042d8-4042df call 403f7f 341->348 342->341 346 4041b5-4041c1 342->346 344->345 350 40421b-404236 344->350 345->348 351 40428d-404294 345->351 346->341 352 4041c7-4041ed GetDlgItem SendMessageA call 403f3a call 4042eb 346->352 347->341 355 4042e4-4042e8 348->355 350->345 357 404238-404281 SendMessageA LoadCursorA SetCursor ShellExecuteA LoadCursorA SetCursor 350->357 351->348 358 404296-40429a 351->358 352->335 357->345 361 40429c-4042ab SendMessageA 358->361 362 4042ad-4042b1 358->362 361->362 365 4042c1-4042c4 362->365 366 4042b3-4042bf SendMessageA 362->366 365->355 366->365 370->355 371->370
                                    C-Code - Quality: 93%
                                    			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t103 =  *0x41fc70; // 0x4afc8c
						_t25 = _t103 + 0x14; // 0x4afca0
						_t112 = _t25;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42367c; // 0x4c4f3a
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423ed8; // 0x4b6d38
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423eb0; // 0x4afae0
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16); // executed
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}





















                                    0x00404070
                                    0x00404196
                                    0x004041f2
                                    0x004041f6
                                    0x004042cd
                                    0x004042cf
                                    0x004042cf
                                    0x004042d5
                                    0x004042d5
                                    0x004042d8
                                    0x00000000
                                    0x004042df
                                    0x00404204
                                    0x00404206
                                    0x00404210
                                    0x0040421b
                                    0x0040421e
                                    0x00404221
                                    0x0040422c
                                    0x0040422f
                                    0x00404236
                                    0x00404244
                                    0x0040425c
                                    0x00404264
                                    0x0040426f
                                    0x0040427f
                                    0x00404281
                                    0x00404281
                                    0x00404236
                                    0x0040428b
                                    0x00000000
                                    0x00404296
                                    0x0040429a
                                    0x004042ab
                                    0x004042ab
                                    0x004042b1
                                    0x004042bf
                                    0x004042bf
                                    0x00000000
                                    0x004042c3
                                    0x0040428b
                                    0x004041a1
                                    0x00000000
                                    0x004041b5
                                    0x004041b5
                                    0x004041bb
                                    0x004041bb
                                    0x004041c1
                                    0x00000000
                                    0x00000000
                                    0x004041e6
                                    0x004041e8
                                    0x004041ed
                                    0x00000000
                                    0x004041ed
                                    0x004041a1
                                    0x00404076
                                    0x00404079
                                    0x0040407e
                                    0x00404080
                                    0x0040408f
                                    0x0040408f
                                    0x00404091
                                    0x00404096
                                    0x00404099
                                    0x0040409b
                                    0x004040a0
                                    0x004040a9
                                    0x004040af
                                    0x004040bb
                                    0x004040be
                                    0x004040c7
                                    0x004040cc
                                    0x004040cf
                                    0x004040d4
                                    0x004040eb
                                    0x004040f2
                                    0x00404105
                                    0x00404108
                                    0x0040411d
                                    0x0040411f
                                    0x00404124
                                    0x00404129
                                    0x0040412e
                                    0x0040412e
                                    0x0040413d
                                    0x0040414c
                                    0x0040414e
                                    0x00404164
                                    0x00404173
                                    0x00404175
                                    0x00000000

                                    APIs
                                    • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040EB
                                    • GetDlgItem.USER32 ref: 004040FF
                                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                    • GetSysColor.USER32(?), ref: 0040412E
                                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                    • lstrlenA.KERNEL32(?), ref: 00404156
                                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                    • GetDlgItem.USER32 ref: 004041D6
                                    • SendMessageA.USER32(00000000), ref: 004041D9
                                    • GetDlgItem.USER32 ref: 00404204
                                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                    • LoadCursorA.USER32 ref: 00404253
                                    • SetCursor.USER32(00000000), ref: 0040425C
                                    • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                    • LoadCursorA.USER32 ref: 0040427C
                                    • SetCursor.USER32(00000000), ref: 0040427F
                                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                    • String ID: 8mK$:OL$@.B$N$open
                                    • API String ID: 3615053054-4097577908
                                    • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                    • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                    • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                    • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402C72, Relevance: 31.7, APIs: 5, Strings: 13, Instructions: 203memoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 372 402c72-402cc0 GetTickCount GetModuleFileNameA call 40583d 375 402cc2-402cc7 372->375 376 402ccc-402cfa call 405b66 call 4056a0 call 405b66 GetFileSize 372->376 377 402f11-402f15 375->377 384 402d00-402d17 376->384 385 402dea-402df8 call 402bd3 376->385 386 402d19 384->386 387 402d1b-402d21 call 4031bf 384->387 392 402ec9-402ece 385->392 393 402dfe-402e01 385->393 386->387 391 402d26-402d28 387->391 394 402e85-402e8d call 402bd3 391->394 395 402d2e-402d34 391->395 392->377 396 402e03-402e14 call 4031f1 call 4031bf 393->396 397 402e2d-402e79 GlobalAlloc call 405f62 call 40586c CreateFileA 393->397 394->392 399 402db4-402db8 395->399 400 402d36-402d4e call 4057fe 395->400 415 402e19-402e1b 396->415 423 402e7b-402e80 397->423 424 402e8f-402ebf call 4031f1 call 402f18 397->424 404 402dc1-402dc7 399->404 405 402dba-402dc0 call 402bd3 399->405 400->404 418 402d50-402d57 400->418 411 402dc9-402dd7 call 405ef4 404->411 412 402dda-402de4 404->412 405->404 411->412 412->384 412->385 415->392 420 402e21-402e27 415->420 418->404 422 402d59-402d60 418->422 420->392 420->397 422->404 425 402d62-402d69 422->425 423->377 431 402ec4-402ec7 424->431 425->404 428 402d6b-402d72 425->428 428->404 430 402d74-402d94 428->430 430->392 432 402d9a-402d9e 430->432 431->392 433 402ed0-402ee1 431->433 434 402da0-402da4 432->434 435 402da6-402dae 432->435 437 402ee3 433->437 438 402ee9-402eee 433->438 434->385 434->435 435->404 436 402db0-402db2 435->436 436->404 437->438 439 402eef-402ef5 438->439 439->439 440 402ef7-402f0f call 4057fe 439->440 440->377
                                    C-Code - Quality: 96%
                                    			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t57;
				void* _t62;
				signed int _t63;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\jones\\Desktop", "C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe");
				E00405B66("CL-Eye-Driver-5.3.0.0341-Emuline.exe", E004056A0("C:\\Users\\jones\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					__eflags =  *0x423eb4; // 0xea00
					if(__eflags == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t63 =  *0x423eb4; // 0xea00
							_t65 = E004031F1(_t63 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
									__eflags =  *0x423ebc;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x653b35
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					_t77 = E004031BF( &_a4, 4); // executed
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t79 =  *0x423eb4; // 0xea00
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~_t79 & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						__eflags = _t83;
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423eb4; // 0xea00
						if(__eflags != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x417040; // 0x2f569
						 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x423eb4 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x41f050; // 0x2fc52
						if(__eflags < 0) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}

































                                    0x00402c80
                                    0x00402c83
                                    0x00402c9d
                                    0x00402ca2
                                    0x00402cb5
                                    0x00402cba
                                    0x00402cc0
                                    0x00000000
                                    0x00402cc2
                                    0x00402cd3
                                    0x00402ce4
                                    0x00402ceb
                                    0x00402cf1
                                    0x00402cf3
                                    0x00402cf8
                                    0x00402cfa
                                    0x00402dea
                                    0x00402dec
                                    0x00402df1
                                    0x00402df8
                                    0x00000000
                                    0x00000000
                                    0x00402dfe
                                    0x00402e01
                                    0x00402e2d
                                    0x00402e32
                                    0x00402e3d
                                    0x00402e3f
                                    0x00402e50
                                    0x00402e6b
                                    0x00402e71
                                    0x00402e74
                                    0x00402e79
                                    0x00402e8f
                                    0x00402e98
                                    0x00402ea8
                                    0x00402eba
                                    0x00402ebf
                                    0x00402ec4
                                    0x00402ec7
                                    0x00402ed0
                                    0x00402ed4
                                    0x00402edc
                                    0x00402ee1
                                    0x00402ee3
                                    0x00402ee3
                                    0x00402ee3
                                    0x00402eeb
                                    0x00402eeb
                                    0x00402eee
                                    0x00402eef
                                    0x00402eef
                                    0x00402ef2
                                    0x00402ef4
                                    0x00402ef4
                                    0x00402ef4
                                    0x00402ef7
                                    0x00402efe
                                    0x00402f0a
                                    0x00402f0f
                                    0x00000000
                                    0x00402f0f
                                    0x00000000
                                    0x00402ec7
                                    0x00000000
                                    0x00402e7b
                                    0x00402e09
                                    0x00402e14
                                    0x00402e19
                                    0x00402e1b
                                    0x00000000
                                    0x00000000
                                    0x00402e24
                                    0x00402e27
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402d00
                                    0x00402d00
                                    0x00402d00
                                    0x00402d05
                                    0x00402d09
                                    0x00402d10
                                    0x00402d15
                                    0x00402d17
                                    0x00402d19
                                    0x00402d19
                                    0x00402d21
                                    0x00402d26
                                    0x00402d28
                                    0x00402e87
                                    0x00402ec9
                                    0x00000000
                                    0x00402ec9
                                    0x00402d2e
                                    0x00402d34
                                    0x00402db4
                                    0x00402db8
                                    0x00402dbb
                                    0x00402dc0
                                    0x00000000
                                    0x00402db8
                                    0x00402d41
                                    0x00402d46
                                    0x00402d49
                                    0x00402d4e
                                    0x00000000
                                    0x00000000
                                    0x00402d50
                                    0x00402d57
                                    0x00000000
                                    0x00000000
                                    0x00402d59
                                    0x00402d60
                                    0x00000000
                                    0x00000000
                                    0x00402d62
                                    0x00402d69
                                    0x00000000
                                    0x00000000
                                    0x00402d6b
                                    0x00402d72
                                    0x00000000
                                    0x00000000
                                    0x00402d74
                                    0x00402d7a
                                    0x00402d83
                                    0x00402d89
                                    0x00402d8c
                                    0x00402d8e
                                    0x00402d94
                                    0x00000000
                                    0x00000000
                                    0x00402d9a
                                    0x00402d9e
                                    0x00402da6
                                    0x00402da6
                                    0x00402da9
                                    0x00402dac
                                    0x00402dae
                                    0x00402db0
                                    0x00402db0
                                    0x00000000
                                    0x00402dae
                                    0x00402da0
                                    0x00402da4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402dc1
                                    0x00402dc1
                                    0x00402dc7
                                    0x00402dd7
                                    0x00402dd7
                                    0x00402dda
                                    0x00402de0
                                    0x00402de2
                                    0x00402de2
                                    0x00000000
                                    0x00402d00

                                    APIs
                                    • GetTickCount.KERNEL32 ref: 00402C86
                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,00000400), ref: 00402CA2
                                      • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 00405841
                                      • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                    • GetFileSize.KERNEL32(00000000,00000000,CL-Eye-Driver-5.3.0.0341-Emuline.exe,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 00402CEB
                                    • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                    Strings
                                    • C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                    • Error launching installer, xrefs: 00402CC2
                                    • Null, xrefs: 00402D6B
                                    • "qR, xrefs: 00402EBA
                                    • soft, xrefs: 00402D62
                                    • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                    • CL-Eye-Driver-5.3.0.0341-Emuline.exe, xrefs: 00402CDF
                                    • "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install, xrefs: 00402C7F
                                    • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                    • Inst, xrefs: 00402D59
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                    • 5;e, xrefs: 00402EF7
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install$"qR$5;e$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe$CL-Eye-Driver-5.3.0.0341-Emuline.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                    • API String ID: 2803837635-877813050
                                    • Opcode ID: a9f02fa87dcfd966b73a569bd813c187ceb7b56ac983ed574234296b30cca538
                                    • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                    • Opcode Fuzzy Hash: a9f02fa87dcfd966b73a569bd813c187ceb7b56ac983ed574234296b30cca538
                                    • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 573 401734-401757 call 4029f6 call 4056c6 578 401761-401773 call 405b66 call 405659 lstrcatA 573->578 579 401759-40175f call 405b66 573->579 585 401778-40177e call 405dc8 578->585 579->585 589 401783-401787 585->589 590 401789-401793 call 405e61 589->590 591 4017ba-4017bd 589->591 599 4017a5-4017b7 590->599 600 401795-4017a3 CompareFileTime 590->600 593 4017c5-4017e1 call 40583d 591->593 594 4017bf-4017c0 call 40581e 591->594 601 4017e3-4017e6 593->601 602 401859-401882 call 404f04 call 402f18 593->602 594->593 599->591 600->599 603 4017e8-40182a call 405b66 * 2 call 405b88 call 405b66 call 405427 601->603 604 40183b-401845 call 404f04 601->604 616 401884-401888 602->616 617 40188a-401896 SetFileTime 602->617 603->589 637 401830-401831 603->637 614 40184e-401854 604->614 618 402894 614->618 616->617 620 40189c-4018a7 FindCloseChangeNotification 616->620 617->620 621 402896-40289a 618->621 623 40288b-40288e 620->623 624 4018ad-4018b0 620->624 623->618 625 4018b2-4018c3 call 405b88 lstrcatA 624->625 626 4018c5-4018c8 call 405b88 624->626 632 4018cd-402213 call 405427 625->632 626->632 632->621 640 40265c-402663 632->640 637->614 638 401833-401834 637->638 638->604 640->623
                                    C-Code - Quality: 75%
                                    			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "C:\Users\jones\AppData\Local\Temp\nst827B.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("C:\Users\jones\AppData\Local\Temp\nst827B.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                    0x00401734
                                    0x0040173b
                                    0x00401744
                                    0x00401747
                                    0x0040174a
                                    0x0040174f
                                    0x00401757
                                    0x00401773
                                    0x00401759
                                    0x00401759
                                    0x0040175a
                                    0x0040175a
                                    0x00401779
                                    0x00401783
                                    0x00401783
                                    0x00401787
                                    0x0040178a
                                    0x0040178f
                                    0x00401791
                                    0x00401793
                                    0x00401798
                                    0x00401798
                                    0x004017a3
                                    0x004017a3
                                    0x004017b4
                                    0x004017b6
                                    0x004017b6
                                    0x004017b7
                                    0x004017b7
                                    0x004017ba
                                    0x004017bd
                                    0x004017c0
                                    0x004017c0
                                    0x004017c7
                                    0x004017d6
                                    0x004017db
                                    0x004017de
                                    0x004017e1
                                    0x00000000
                                    0x00000000
                                    0x004017e3
                                    0x004017e6
                                    0x00401840
                                    0x00401845
                                    0x004015a8
                                    0x0040265c
                                    0x0040265c
                                    0x0040288b
                                    0x0040288e
                                    0x0040288e
                                    0x00000000
                                    0x004017e8
                                    0x004017ee
                                    0x004017f9
                                    0x00401806
                                    0x00401811
                                    0x00401827
                                    0x00401827
                                    0x0040182a
                                    0x00000000
                                    0x00401830
                                    0x00401830
                                    0x00401831
                                    0x0040184e
                                    0x00402894
                                    0x00402894
                                    0x00402894
                                    0x00401833
                                    0x00401833
                                    0x00401834
                                    0x00401492
                                    0x0040220e
                                    0x0040220e
                                    0x0040220e
                                    0x00401831
                                    0x0040182a
                                    0x00402896
                                    0x0040289a
                                    0x0040289a
                                    0x0040185e
                                    0x00401863
                                    0x00401871
                                    0x00401876
                                    0x0040187c
                                    0x00401880
                                    0x00401882
                                    0x0040188a
                                    0x00401896
                                    0x00401884
                                    0x00401884
                                    0x00401888
                                    0x00000000
                                    0x00000000
                                    0x00401888
                                    0x0040189f
                                    0x004018a5
                                    0x004018a7
                                    0x00000000
                                    0x004018ad
                                    0x004018ad
                                    0x004018b0
                                    0x004018c8
                                    0x004018b2
                                    0x004018b5
                                    0x004018be
                                    0x004018be
                                    0x004018cd
                                    0x004018d2
                                    0x00402209
                                    0x00000000
                                    0x00402209
                                    0x00000000

                                    APIs
                                    • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,00000000,00000000,00000031), ref: 00401773
                                    • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,00000000,00000000,00000031), ref: 0040179D
                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,CL-Eye Driver Setup,NSIS Error), ref: 00405B73
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00402C4A,00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000), ref: 00404F60
                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\), ref: 00404F72
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                    • String ID: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Users\user\AppData\Local\Temp\nst827B.tmp$C:\Users\user\AppData\Local\Temp\nst827B.tmp\System.dll$Call
                                    • API String ID: 1941528284-4056146852
                                    • Opcode ID: f8a6a444128ea722c5b0654b800be12f190068aadf11e0c26a2a13909132d046
                                    • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                    • Opcode Fuzzy Hash: f8a6a444128ea722c5b0654b800be12f190068aadf11e0c26a2a13909132d046
                                    • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404F04, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 641 404f04-404f19 642 404fcf-404fd3 641->642 643 404f1f-404f31 641->643 644 404f33-404f37 call 405b88 643->644 645 404f3c-404f48 lstrlenA 643->645 644->645 647 404f65-404f69 645->647 648 404f4a-404f5a lstrlenA 645->648 650 404f78-404f7c 647->650 651 404f6b-404f72 SetWindowTextA 647->651 648->642 649 404f5c-404f60 lstrcatA 648->649 649->647 652 404fc2-404fc4 650->652 653 404f7e-404fc0 SendMessageA * 3 650->653 651->650 652->642 654 404fc6-404fc9 652->654 653->652 654->642
                                    C-Code - Quality: 100%
                                    			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684; // 0x302de
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                    0x00404f0a
                                    0x00404f16
                                    0x00404f19
                                    0x00404f1f
                                    0x00404f2b
                                    0x00404f2e
                                    0x00404f31
                                    0x00404f37
                                    0x00404f37
                                    0x00404f3d
                                    0x00404f45
                                    0x00404f48
                                    0x00404f65
                                    0x00404f69
                                    0x00404f72
                                    0x00404f72
                                    0x00404f7c
                                    0x00404f85
                                    0x00404f91
                                    0x00404f98
                                    0x00404f9c
                                    0x00404f9f
                                    0x00404fb2
                                    0x00404fc0
                                    0x00404fc0
                                    0x00404fc4
                                    0x00404fc6
                                    0x00404fc9
                                    0x00000000
                                    0x00404fc9
                                    0x00404f4a
                                    0x00404f52
                                    0x00404f5a
                                    0x00404f60
                                    0x00000000
                                    0x00404f60
                                    0x00404f5a
                                    0x00404f48
                                    0x00404fd3

                                    APIs
                                    • lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                    • lstrlenA.KERNEL32(00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                    • lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00402C4A,00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000), ref: 00404F60
                                    • SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\), ref: 00404F72
                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                    • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\
                                    • API String ID: 2531174081-3387780045
                                    • Opcode ID: 6f5438f81cf7a4cf278200178885afddebba4b3e10535ae1fdd8142835d36988
                                    • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                    • Opcode Fuzzy Hash: 6f5438f81cf7a4cf278200178885afddebba4b3e10535ae1fdd8142835d36988
                                    • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402F18, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 109fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 655 402f18-402f27 656 402f45-402f50 call 403043 655->656 657 402f29-402f3f SetFilePointer 655->657 660 402f56-402f70 ReadFile 656->660 661 40303c-403040 656->661 657->656 662 402f76-402f79 660->662 663 403039 660->663 662->663 665 402f7f-402f92 call 403043 662->665 664 40303b 663->664 664->661 665->661 668 402f98-402f9b 665->668 669 403008-40300e 668->669 670 402f9d-402fa0 668->670 673 403010 669->673 674 403013-403026 ReadFile 669->674 671 403034-403037 670->671 672 402fa6 670->672 671->661 675 402fab-402fb3 672->675 673->674 674->663 676 403028-403031 674->676 677 402fb5 675->677 678 402fb8-402fca ReadFile 675->678 676->671 677->678 678->663 679 402fcc-402fcf 678->679 679->663 680 402fd1-402fe6 WriteFile 679->680 681 403004-403006 680->681 682 402fe8-402feb 680->682 681->664 682->681 683 402fed-403000 682->683 683->675 684 403002 683->684 684->671
                                    C-Code - Quality: 93%
                                    			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				intOrPtr _t51;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t51 =  *0x423ef8; // 0x155aa
					_t44 = _t31 + _t51;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}


















                                    0x00402f1d
                                    0x00402f27
                                    0x00402f29
                                    0x00402f30
                                    0x00402f34
                                    0x00402f3f
                                    0x00402f3f
                                    0x00402f47
                                    0x00402f49
                                    0x00402f50
                                    0x00402f6c
                                    0x00402f70
                                    0x00403039
                                    0x00403039
                                    0x00000000
                                    0x00402f7f
                                    0x00402f82
                                    0x00402f88
                                    0x00402f8f
                                    0x00402f92
                                    0x00402f9b
                                    0x00403008
                                    0x0040300e
                                    0x00403010
                                    0x00403010
                                    0x00403022
                                    0x00403026
                                    0x00000000
                                    0x00403028
                                    0x00403028
                                    0x0040302b
                                    0x00403031
                                    0x00000000
                                    0x00403031
                                    0x00402f9d
                                    0x00402fa0
                                    0x00403034
                                    0x00403034
                                    0x00402fa6
                                    0x00402fab
                                    0x00402fab
                                    0x00402fb3
                                    0x00402fb5
                                    0x00402fb5
                                    0x00402fc6
                                    0x00402fca
                                    0x00000000
                                    0x00000000
                                    0x00402fde
                                    0x00402fe6
                                    0x00403004
                                    0x0040303b
                                    0x0040303b
                                    0x00402fed
                                    0x00402fed
                                    0x00402ff0
                                    0x00402ff3
                                    0x00402ff6
                                    0x00403000
                                    0x00000000
                                    0x00403002
                                    0x00000000
                                    0x00403002
                                    0x00403000
                                    0x00000000
                                    0x00402fe6
                                    0x00000000
                                    0x00402fab
                                    0x00402fa0
                                    0x00402f9b
                                    0x00402f92
                                    0x00402f70
                                    0x0040303c
                                    0x00403040

                                    APIs
                                    • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,0000E9E4), ref: 00402F3F
                                    • ReadFile.KERNELBASE(00409130,00000004,0000E9E4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                    • ReadFile.KERNELBASE(00413040,00004000,0000E9E4,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,0000E9E4), ref: 00402FC6
                                    • WriteFile.KERNELBASE(00000000,00413040,0000E9E4,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,0000E9E4), ref: 00402FDE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$Read$PointerWrite
                                    • String ID: 5;e$@0A
                                    • API String ID: 2113905535-3641682052
                                    • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                    • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                    • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                    • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403043, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 108fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 685 403043-40306c GetTickCount 686 403072-40309d call 4031f1 SetFilePointer 685->686 687 4031ad-4031b5 call 402bd3 685->687 693 4030a2-4030b4 686->693 692 4031b7-4031bc 687->692 694 4030b6 693->694 695 4030b8-4030c6 call 4031bf 693->695 694->695 698 4030cc-4030d8 695->698 699 40319f-4031a2 695->699 700 4030de-4030e4 698->700 699->692 701 4030e6-4030ec 700->701 702 40310f-40312b call 405f82 700->702 701->702 704 4030ee-40310e call 402bd3 701->704 708 4031a8 702->708 709 40312d-403135 702->709 704->702 710 4031aa-4031ab 708->710 711 403137-40314d WriteFile 709->711 712 403169-40316f 709->712 710->692 713 4031a4-4031a6 711->713 714 40314f-403153 711->714 712->708 715 403171-403173 712->715 713->710 714->713 716 403155-403161 714->716 715->708 717 403175-403188 715->717 716->700 718 403167 716->718 717->693 719 40318e-40319d SetFilePointer 717->719 718->717 719->687
                                    C-Code - Quality: 94%
                                    			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t22;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x653b35
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					L2:
					_t12 =  *0x417048; // 0x527122
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					while(1) {
						_t46 =  *0x423eb0; // 0x4afae0
						if(_t46 != 0) {
							_t47 =  *0x423f40; // 0x0
							if(_t47 == 0) {
								_t22 =  *0x41f050; // 0x2fc52
								 *0x417040 = _t22 -  *0x417044 - _a4 +  *0x40afb0;
								E00402BD3(0);
							}
						}
						 *0x40afd8 = 0x40b040;
						 *0x40afdc = 0x8000; // executed
						_t16 = E00405F82(0x40afb8); // executed
						if(_t16 < 0) {
							break;
						}
						_t39 =  *0x40afd8; // 0x40b729
						_t40 = _t39 - 0x40b040;
						if(_t40 == 0) {
							__eflags =  *0x40afd4; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags = _t34;
							if(_t34 == 0) {
								break;
							}
							L17:
							_t18 =  *0x417044; // 0x653b35
							if(_t18 -  *0x40afb0 + _a4 > 0) {
								goto L2;
							}
							SetFilePointer( *0x409018, _t18, 0, 0); // executed
							goto L23;
						}
						_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
						if(_t21 == 0 || _t40 != _v4) {
							_push(0xfffffffe);
							L22:
							_pop(_t17);
							return _t17;
						} else {
							 *0x40afb0 =  *0x40afb0 + _t40;
							_t53 =  *0x40afd4; // 0x0
							if(_t53 != 0) {
								continue;
							}
							goto L17;
						}
					}
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}





















                                    0x00403047
                                    0x00403054
                                    0x00403067
                                    0x0040306c
                                    0x004031ad
                                    0x004031af
                                    0x00000000
                                    0x004031b5
                                    0x00403078
                                    0x0040308b
                                    0x00403091
                                    0x00403097
                                    0x004030a2
                                    0x004030a2
                                    0x004030a2
                                    0x004030a7
                                    0x004030ac
                                    0x004030b4
                                    0x004030b6
                                    0x004030b6
                                    0x004030bf
                                    0x004030c6
                                    0x00000000
                                    0x00000000
                                    0x004030cc
                                    0x004030d2
                                    0x004030d8
                                    0x004030de
                                    0x004030de
                                    0x004030e4
                                    0x004030e6
                                    0x004030ec
                                    0x004030ee
                                    0x00403104
                                    0x00403109
                                    0x0040310e
                                    0x004030ec
                                    0x00403114
                                    0x0040311a
                                    0x00403124
                                    0x0040312b
                                    0x00000000
                                    0x00000000
                                    0x0040312d
                                    0x00403133
                                    0x00403135
                                    0x00403169
                                    0x0040316f
                                    0x00000000
                                    0x00000000
                                    0x00403171
                                    0x00403173
                                    0x00000000
                                    0x00000000
                                    0x00403175
                                    0x00403175
                                    0x00403188
                                    0x00000000
                                    0x00000000
                                    0x00403197
                                    0x00000000
                                    0x00403197
                                    0x00403145
                                    0x0040314d
                                    0x004031a4
                                    0x004031aa
                                    0x004031aa
                                    0x00000000
                                    0x00403155
                                    0x00403155
                                    0x0040315b
                                    0x00403161
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403167
                                    0x0040314d
                                    0x004031a8
                                    0x00000000
                                    0x004031a8
                                    0x00000000

                                    APIs
                                    • GetTickCount.KERNEL32 ref: 00403058
                                      • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,0000E9E4), ref: 004031FF
                                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                    • WriteFile.KERNELBASE(0040B040,0040B729,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                    • SetFilePointer.KERNELBASE(00653B35,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$Pointer$CountTickWrite
                                    • String ID: "qR$5;e$@0A
                                    • API String ID: 2146148272-3372686330
                                    • Opcode ID: 2d56d82600b3f5df3c78828dba8606990429b5df5c6eae6ec82e8be78dfd61ee
                                    • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                    • Opcode Fuzzy Hash: 2d56d82600b3f5df3c78828dba8606990429b5df5c6eae6ec82e8be78dfd61ee
                                    • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    C-Code - Quality: 93%
                                    			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				void* _t33;
				long _t41;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4; // 0xea00
					 *(_t58 - 0x2c) = _t32;
					_t33 = GlobalAlloc(0x40, _t32); // executed
					_t51 = _t33;
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c)); // executed
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x1c));
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c)); // executed
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47); // executed
						GlobalFree(_t51); // executed
						_t41 = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47); // executed
						 *(_t58 - 8) = _t41;
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}













                                    0x0040267c
                                    0x0040267e
                                    0x0040268a
                                    0x0040268d
                                    0x00402697
                                    0x0040269b
                                    0x0040269b
                                    0x004026a1
                                    0x004026ae
                                    0x004026b6
                                    0x004026b9
                                    0x004026bf
                                    0x004026cd
                                    0x004026d0
                                    0x004026d2
                                    0x004026d6
                                    0x004026d9
                                    0x004026e2
                                    0x004026ee
                                    0x004026f2
                                    0x004026f5
                                    0x004026ff
                                    0x0040271e
                                    0x00402706
                                    0x0040270b
                                    0x00402713
                                    0x00402716
                                    0x0040271b
                                    0x0040271b
                                    0x00402725
                                    0x00402725
                                    0x00402737
                                    0x0040273e
                                    0x0040274b
                                    0x00402750
                                    0x00402750
                                    0x00402756
                                    0x00402756
                                    0x00402761
                                    0x00402762
                                    0x00402766
                                    0x0040276a
                                    0x00402770
                                    0x00402770
                                    0x00402777
                                    0x00402164
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • GlobalAlloc.KERNELBASE(00000040,0000EA00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                    • GlobalFree.KERNEL32 ref: 00402725
                                    • WriteFile.KERNELBASE(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                    • GlobalFree.KERNEL32 ref: 0040273E
                                    • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                    • String ID:
                                    • API String ID: 3294113728-0
                                    • Opcode ID: a3b63d379b6164846a5749b4daa30d91fd7fc09e5761b43eced119004dd52135
                                    • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                    • Opcode Fuzzy Hash: a3b63d379b6164846a5749b4daa30d91fd7fc09e5761b43eced119004dd52135
                                    • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401F51, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73libraryloaderCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 753 401f51-401f5d 754 401f63-401f79 call 4029f6 * 2 753->754 755 402019-40201b 753->755 765 401f88-401f96 LoadLibraryExA 754->765 766 401f7b-401f86 GetModuleHandleA 754->766 757 402164-402169 call 401423 755->757 763 40288b-40289a 757->763 768 401f98-401fa6 GetProcAddress 765->768 769 402012-402014 765->769 766->765 766->768 770 401fe5-401fea call 404f04 768->770 771 401fa8-401fae 768->771 769->757 775 401fef-401ff2 770->775 773 401fb0-401fbc call 401423 771->773 774 401fc7-401fe3 KiUserCallbackDispatcher 771->774 773->775 782 401fbe-401fc5 773->782 774->775 775->763 777 401ff8-402000 call 40364f 775->777 777->763 783 402006-40200d FreeLibrary 777->783 782->775 783->763
                                    C-Code - Quality: 60%
                                    			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                    0x00401f51
                                    0x00401f51
                                    0x00401f56
                                    0x00401f5d
                                    0x00402019
                                    0x00402164
                                    0x00402164
                                    0x0040288b
                                    0x0040288e
                                    0x0040289a
                                    0x0040289a
                                    0x00401f6c
                                    0x00401f76
                                    0x00401f79
                                    0x00401f88
                                    0x00401f8c
                                    0x00401f92
                                    0x00401f96
                                    0x00402012
                                    0x00000000
                                    0x00402012
                                    0x00401f98
                                    0x00401fa2
                                    0x00401fa6
                                    0x00401fea
                                    0x00401fa8
                                    0x00401fab
                                    0x00401fae
                                    0x00401fde
                                    0x00401fb0
                                    0x00401fb3
                                    0x00401fbc
                                    0x00401fbe
                                    0x00401fbe
                                    0x00401fbc
                                    0x00401fae
                                    0x00401ff2
                                    0x00402007
                                    0x00402007
                                    0x00000000
                                    0x00401ff2
                                    0x00401f7c
                                    0x00401f82
                                    0x00401f86
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    APIs
                                    • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                    • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                    • KiUserCallbackDispatcher.NTDLL(?,00000400,00424000,0040AF70, ?B,?,00000008,00000001,000000F0), ref: 00401FDE
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00402C4A,00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000), ref: 00404F60
                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\), ref: 00404F72
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                    • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Librarylstrlen$AddressCallbackDispatcherFreeHandleLoadModuleProcTextUserWindowlstrcat
                                    • String ID: ?B
                                    • API String ID: 4236411475-117478770
                                    • Opcode ID: a57e8c0769ea844e22e0c1e1f0cba5f5542df926a794c83fcda134ba5213478a
                                    • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                    • Opcode Fuzzy Hash: a57e8c0769ea844e22e0c1e1f0cba5f5542df926a794c83fcda134ba5213478a
                                    • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 784 402303-402349 call 402aeb call 4029f6 * 2 RegCreateKeyExA 791 40288b-40289a 784->791 792 40234f-402357 784->792 794 402367-40236a 792->794 795 402359-402366 call 4029f6 lstrlenA 792->795 798 40237a-40237d 794->798 799 40236c-402379 call 4029d9 794->799 795->794 802 40238e-4023a2 RegSetValueExA 798->802 803 40237f-402389 call 402f18 798->803 799->798 806 4023a4 802->806 807 4023a7-402483 RegCloseKey 802->807 803->802 806->807 807->791
                                    C-Code - Quality: 90%
                                    			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				long _t22;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t30 =  *0x423f50; // 0x0
				_t31 = _t30 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27); // executed
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					_t22 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19); // executed
					if(_t22 == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}












                                    0x00402304
                                    0x00402309
                                    0x00402313
                                    0x0040231d
                                    0x00402320
                                    0x0040232a
                                    0x00402330
                                    0x0040233a
                                    0x00402341
                                    0x00402349
                                    0x00402357
                                    0x0040235b
                                    0x00402366
                                    0x00402366
                                    0x0040236a
                                    0x0040236e
                                    0x00402374
                                    0x00402379
                                    0x00402379
                                    0x0040237d
                                    0x00402389
                                    0x00402389
                                    0x0040239a
                                    0x004023a2
                                    0x004023a4
                                    0x004023a4
                                    0x004023a7
                                    0x0040247d
                                    0x0040247d
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402341
                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nst827B.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402361
                                    • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nst827B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040239A
                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nst827B.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CloseCreateValuelstrlen
                                    • String ID: C:\Users\user\AppData\Local\Temp\nst827B.tmp
                                    • API String ID: 1356686001-2810308008
                                    • Opcode ID: a542455d9f9526f25a51f1532c83397ec4fb85749294bc37414485deefa1f1b8
                                    • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                    • Opcode Fuzzy Hash: a542455d9f9526f25a51f1532c83397ec4fb85749294bc37414485deefa1f1b8
                                    • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 85%
                                    			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                    0x004015b3
                                    0x004015ba
                                    0x004015bd
                                    0x004015c2
                                    0x004015c6
                                    0x004015c8
                                    0x004015d0
                                    0x004015d6
                                    0x004015d8
                                    0x004015db
                                    0x004015e3
                                    0x004015f0
                                    0x004015fd
                                    0x004015fd
                                    0x004015f2
                                    0x004015f3
                                    0x004015fb
                                    0x00000000
                                    0x00000000
                                    0x004015fb
                                    0x004015f0
                                    0x00401600
                                    0x00401603
                                    0x00401605
                                    0x00401606
                                    0x004015c8
                                    0x0040160d
                                    0x0040162d
                                    0x00402164
                                    0x0040160f
                                    0x00401611
                                    0x0040161c
                                    0x00401622
                                    0x00401622
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                      • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,C:\,00000000,00405751,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 004056FB
                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                    • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                    • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                    • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                    • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,00000000,00000000,000000F0), ref: 00401622
                                    Strings
                                    • C:\Program Files (x86)\Code Laboratories\CL-Eye Driver, xrefs: 00401617
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                    • String ID: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver
                                    • API String ID: 3751793516-1878831446
                                    • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                    • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                    • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                    • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                    0x00405870
                                    0x00405876
                                    0x00405877
                                    0x00405877
                                    0x00405878
                                    0x0040587f
                                    0x00405889
                                    0x00405896
                                    0x00405899
                                    0x004058a1
                                    0x00000000
                                    0x00000000
                                    0x004058a5
                                    0x00000000
                                    0x00000000
                                    0x004058a7
                                    0x00000000
                                    0x004058a7
                                    0x00000000

                                    APIs
                                    • GetTickCount.KERNEL32 ref: 0040587F
                                    • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                    Strings
                                    • "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install, xrefs: 00405873
                                    • nsa, xrefs: 00405878
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 0040586C, 0040586F
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CountFileNameTempTick
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install$C:\Users\user\AppData\Local\Temp\$nsa
                                    • API String ID: 1716503409-1533766568
                                    • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                    • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                    • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                    • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00401CC1(int __edx) {
				long _t16;
				void* _t17;
				int _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t16 = LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10); // executed
				_t17 = SendMessageA(_t25, 0x172, _t21, _t16); // executed
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}








                                    0x00401ccb
                                    0x00401cd2
                                    0x00401cf3
                                    0x00401d01
                                    0x00401d09
                                    0x00401d10
                                    0x00401d10
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • GetDlgItem.USER32 ref: 00401CC5
                                    • GetClientRect.USER32 ref: 00401CD2
                                    • LoadImageA.USER32 ref: 00401CF3
                                    • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                    • DeleteObject.GDI32(00000000), ref: 00401D10
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                    • String ID:
                                    • API String ID: 1849352358-0
                                    • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                    • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                    • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                    • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 51%
                                    			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28); // executed
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8)); // executed
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                    0x00401bb6
                                    0x00401bc2
                                    0x00401bc5
                                    0x00401bce
                                    0x00401bce
                                    0x00401bd1
                                    0x00401bd5
                                    0x00401bde
                                    0x00401bde
                                    0x00401be1
                                    0x00401be5
                                    0x00401be7
                                    0x00401c34
                                    0x00401c36
                                    0x00401c3f
                                    0x00401c47
                                    0x00401c4a
                                    0x00401c4a
                                    0x00401c53
                                    0x00000000
                                    0x00401be9
                                    0x00401bf0
                                    0x00401bf2
                                    0x00401bfa
                                    0x00401bfd
                                    0x00401c25
                                    0x00401c59
                                    0x00401c59
                                    0x00401bff
                                    0x00401c0d
                                    0x00401c15
                                    0x00401c18
                                    0x00401c18
                                    0x00401bfd
                                    0x00401c5c
                                    0x00401c5f
                                    0x00401c65
                                    0x00402833
                                    0x00402833
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Timeout
                                    • String ID: !
                                    • API String ID: 1777923405-2657877971
                                    • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                    • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                    • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                    • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040573A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 53%
                                    			E0040573A(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405B66(0x4218a8, _a4);
				_t21 = E004056ED(0x4218a8);
				if(_t21 != 0) {
					E00405DC8(_t21);
					if(( *0x423eb8 & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x4218a8;
						while(1) {
							_t11 = lstrlenA(0x4218a8);
							_push(0x4218a8);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00405E61();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E004056A0(0x4218a8);
								continue;
							} else {
								goto L1;
							}
						}
						E00405659();
						_t16 = GetFileAttributesA(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                    0x00405746
                                    0x00405751
                                    0x00405755
                                    0x0040575c
                                    0x00405768
                                    0x00405774
                                    0x00405774
                                    0x0040578c
                                    0x0040578d
                                    0x00405794
                                    0x00405795
                                    0x00000000
                                    0x00000000
                                    0x00405778
                                    0x0040577f
                                    0x00405787
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040577f
                                    0x00405797
                                    0x0040579d
                                    0x00000000
                                    0x004057ab
                                    0x0040576a
                                    0x0040576e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040576e
                                    0x00405757
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,CL-Eye Driver Setup,NSIS Error), ref: 00405B73
                                      • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,C:\,00000000,00405751,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 004056FB
                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                    • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 0040578D
                                    • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 0040579D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                    • String ID: C:\
                                    • API String ID: 3248276644-3404278061
                                    • Opcode ID: 716f681fdc2f335f171507b78212e4fdddf35da2e6b413ee0daba6d976a18fc7
                                    • Instruction ID: 7155b9e5202267c574e320c9449d9087b3e4f671a0d42f3ce7b213b6d11f415d
                                    • Opcode Fuzzy Hash: 716f681fdc2f335f171507b78212e4fdddf35da2e6b413ee0daba6d976a18fc7
                                    • Instruction Fuzzy Hash: A1F0F425104D509AC72636395C09EAF1A55CE833A4F48053FF894B32D1CB3C8943EDAE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 84%
                                    			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                    0x00403209
                                    0x0040320f
                                    0x00403215
                                    0x0040321c
                                    0x00403221
                                    0x00403229
                                    0x00403235
                                    0x0040323b
                                    0x0040321f
                                    0x0040321f
                                    0x0040321f

                                    APIs
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                      • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                    • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Char$Next$CreateDirectoryPrev
                                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                    • API String ID: 4115351271-517883005
                                    • Opcode ID: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                    • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                    • Opcode Fuzzy Hash: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                    • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c; // 0x0
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8)); // executed
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                    0x0040361b
                                    0x00403623
                                    0x0040362a
                                    0x0040362d
                                    0x0040362d
                                    0x0040362f
                                    0x00403634
                                    0x0040363b
                                    0x00403641
                                    0x00403645
                                    0x00403646
                                    0x0040364e

                                    APIs
                                    • FreeLibrary.KERNELBASE(?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,00000000,73BCF560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                    • GlobalFree.KERNEL32 ref: 0040363B
                                    Strings
                                    • "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install, xrefs: 0040362C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Free$GlobalLibrary
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install
                                    • API String ID: 1100898210-848346126
                                    • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                    • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                    • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                    • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 99%
                                    			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                    0x00406566
                                    0x00406566
                                    0x00406566
                                    0x00406566
                                    0x0040656c
                                    0x00406570
                                    0x00406574
                                    0x0040657e
                                    0x0040658c
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x00000000
                                    0x00000000
                                    0x0040689f
                                    0x004068a8
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068f6
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x0040689d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004068f8
                                    0x004068f8
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x004069ad
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x0040687b
                                    0x00406881
                                    0x00406888
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00000000
                                    0x00406893
                                    0x004068fd
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcb
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd5
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406030
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607a
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a4
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060ea
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067f8
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x00000000
                                    0x004061be
                                    0x00406138
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040676d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x0040686f
                                    0x0040682a
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x0040681f
                                    0x00000000
                                    0x0040654f
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x0040686f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406594
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x0040662d
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x00406899
                                    0x00406862

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                    • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                    • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                    • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                    0x00000000
                                    0x00406767
                                    0x00406767
                                    0x0040676b
                                    0x00406790
                                    0x0040679a
                                    0x00000000
                                    0x0040676d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x0040677a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x0040685b
                                    0x0040685b
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x00000000
                                    0x004061be
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x00000000
                                    0x00406854
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00000000
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x004069b7
                                    0x004069bd
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x004068f6
                                    0x00000000
                                    0x0040676b

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                    • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                    • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                    • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                    0x00000000
                                    0x0040647d
                                    0x0040647d
                                    0x00406481
                                    0x00406538
                                    0x0040653b
                                    0x00406547
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x004067ee
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00000000
                                    0x00406810
                                    0x00406487
                                    0x0040648b
                                    0x004069cc
                                    0x004069cc
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x00406491
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x00000000
                                    0x004069c8
                                    0x004064ab
                                    0x004064ae
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x004064df
                                    0x004064df
                                    0x004064df
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x00000000
                                    0x004061be
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x00000000
                                    0x0040679a
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00000000
                                    0x0040690d
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x00000000
                                    0x00406762
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                    • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                    • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                    • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                    0x00405f92
                                    0x00405f99
                                    0x00405f9f
                                    0x00405fa5
                                    0x00000000
                                    0x00405fa9
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcb
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe0
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602b
                                    0x0040602e
                                    0x00406056
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406030
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x00406048
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x0040609f
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a4
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c1
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406107
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067af
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067e5
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x0040680d
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x00000000
                                    0x004061be
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x004061a1
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x004069b7
                                    0x004069bd
                                    0x004069bf
                                    0x004069c6
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                    • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                    • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                    • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                    0x00000000
                                    0x004063d0
                                    0x004063d0
                                    0x004063d4
                                    0x004063f5
                                    0x004063fc
                                    0x00406402
                                    0x00406408
                                    0x0040641a
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x004063d6
                                    0x004063dc
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x0040681f
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x004067a0
                                    0x0040679d
                                    0x00000000
                                    0x004063d4

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                    • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                    • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                    • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                    0x00000000
                                    0x004064ee
                                    0x004064ee
                                    0x004064f2
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x004064f4
                                    0x004064f4
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x0040681f
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x004067a0
                                    0x0040679d
                                    0x00000000
                                    0x004064f2

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                    • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                    • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                    • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                    0x00000000
                                    0x0040643a
                                    0x0040643a
                                    0x0040643e
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x0040679d
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x0040681f
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x004067a0
                                    0x0040679d

                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                    • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                    • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                    • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401B06, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 59%
                                    			E00401B06(void* __ebx, void* __edx) {
				intOrPtr _t7;
				void* _t8;
				void _t11;
				void* _t13;
				void* _t21;
				void* _t24;
				void* _t30;
				void* _t33;
				void* _t34;
				void* _t37;

				_t27 = __ebx;
				_t7 =  *((intOrPtr*)(_t37 - 0x1c));
				_t30 =  *0x40af70; // 0x4e93b8
				if(_t7 == __ebx) {
					if(__edx == __ebx) {
						_t8 = GlobalAlloc(0x40, 0x404); // executed
						_t34 = _t8;
						_t4 = _t34 + 4; // 0x4
						E00405B88(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x24)));
						_t11 =  *0x40af70; // 0x4e93b8
						 *_t34 = _t11;
						 *0x40af70 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t2 = _t30 + 4; // 0x4e93bc
							E00405B66(_t33, _t2);
							_push(_t30);
							 *0x40af70 =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t7 = _t7 - 1;
						if(_t30 == _t27) {
							break;
						}
						_t30 =  *_t30;
						if(_t7 != _t27) {
							continue;
						} else {
							if(_t30 == _t27) {
								break;
							} else {
								_t32 = _t30 + 4;
								E00405B66(0x409b70, _t30 + 4);
								_t21 =  *0x40af70; // 0x4e93b8
								E00405B66(_t32, _t21 + 4);
								_t24 =  *0x40af70; // 0x4e93b8
								_push(0x409b70);
								_push(_t24 + 4);
								E00405B66();
								L15:
								 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t37 - 4));
								_t13 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00405B88(_t27, _t30, _t33, _t27, 0xffffffe8));
					E00405427();
					_t13 = 0x7fffffff;
				}
				L17:
				return _t13;
			}













                                    0x00401b06
                                    0x00401b06
                                    0x00401b09
                                    0x00401b11
                                    0x00401b59
                                    0x00401b87
                                    0x00401b90
                                    0x00401b92
                                    0x00401b96
                                    0x00401b9b
                                    0x00401ba0
                                    0x00401ba2
                                    0x00401b5b
                                    0x00401b5d
                                    0x0040265c
                                    0x00401b63
                                    0x00401b63
                                    0x00401b68
                                    0x00401b6f
                                    0x00401b70
                                    0x00401b75
                                    0x00401b75
                                    0x00401b5d
                                    0x00000000
                                    0x00401b13
                                    0x00401b13
                                    0x00401b13
                                    0x00401b16
                                    0x00000000
                                    0x00000000
                                    0x00401b1c
                                    0x00401b20
                                    0x00000000
                                    0x00401b22
                                    0x00401b24
                                    0x00000000
                                    0x00401b2a
                                    0x00401b2a
                                    0x00401b34
                                    0x00401b39
                                    0x00401b43
                                    0x00401b48
                                    0x00401b4d
                                    0x00401b51
                                    0x004027b1
                                    0x0040288b
                                    0x0040288e
                                    0x00402894
                                    0x00402894
                                    0x00401b24
                                    0x00000000
                                    0x00401b20
                                    0x004021fb
                                    0x00402208
                                    0x00402209
                                    0x0040220e
                                    0x0040220e
                                    0x00402896
                                    0x0040289a

                                    APIs
                                    • GlobalFree.KERNEL32 ref: 00401B75
                                    • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B87
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Global$AllocFree
                                    • String ID: Call
                                    • API String ID: 3394109436-1824292864
                                    • Opcode ID: 9b92690919ab3925ef73853116ce48ab465fb75dc046896ca91c647f4bc949d6
                                    • Instruction ID: f6df762d61d54559a5bd4bb911f236f7c2d089bf7a2c1af573ad77b5def0dbe6
                                    • Opcode Fuzzy Hash: 9b92690919ab3925ef73853116ce48ab465fb75dc046896ca91c647f4bc949d6
                                    • Instruction Fuzzy Hash: 9F2181B2A006169BC710AFA4DE85D5E73B4EB44318724463BF502F32D0DB7CB9129B5E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405A4D, Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E00405A4D(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
				long _t20;
				long _t23;
				long _t24;
				char* _t26;

				asm("sbb eax, eax");
				_t26 = _a16;
				 *_t26 = 0;
				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				if(_t20 == 0) {
					_a8 = 0x400;
					_t23 = RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
						 *_t26 = 0;
					}
					_t26[0x3ff] = 0;
					_t24 = RegCloseKey(_a20); // executed
					return _t24;
				}
				return _t20;
			}







                                    0x00405a5d
                                    0x00405a5f
                                    0x00405a6c
                                    0x00405a76
                                    0x00405a7e
                                    0x00405a83
                                    0x00405a97
                                    0x00405a9f
                                    0x00405aad
                                    0x00405aad
                                    0x00405ab2
                                    0x00405ab8
                                    0x00000000
                                    0x00405ab8
                                    0x00405ac1

                                    APIs
                                    • RegOpenKeyExA.KERNELBASE(80000002,00405C89,00000000,00000002,?,00000002,00092E61,?,00405C89,80000002,Software\Microsoft\Windows\CurrentVersion,00092E61,Remove folder: ,004B6D39), ref: 00405A76
                                    • RegQueryValueExA.KERNELBASE(00092E61,?,00000000,00405C89,00092E61,00405C89), ref: 00405A97
                                    • RegCloseKey.KERNELBASE(?), ref: 00405AB8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CloseOpenQueryValue
                                    • String ID:
                                    • API String ID: 3677997916-0
                                    • Opcode ID: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                    • Instruction ID: 1f5187eb0d206272966296eac295dca0b6851c7ebc3b2299c22a00064415c0d3
                                    • Opcode Fuzzy Hash: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                    • Instruction Fuzzy Hash: 5E01487114020AEFDB128F64EC84AEB3FACEF14394F004526F945E6120D335D964DFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004035BD, Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 20COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004035BD() {
				void* _t1;
				void* _t2;
				void* _t4;
				void* _t7;
				signed int _t12;

				_t1 =  *0x409014; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x409014 =  *0x409014 | 0xffffffff;
				}
				_t2 =  *0x409018; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x409018 =  *0x409018 | 0xffffffff;
					_t12 =  *0x409018;
				}
				E0040361A();
				_t4 = E0040548B(_t7, _t12, "C:\\Users\\jones\\AppData\\Local\\Temp\\nst827B.tmp\\", 7); // executed
				return _t4;
			}








                                    0x004035bd
                                    0x004035cc
                                    0x004035cf
                                    0x004035d1
                                    0x004035d1
                                    0x004035d8
                                    0x004035e0
                                    0x004035e3
                                    0x004035e5
                                    0x004035e5
                                    0x004035e5
                                    0x004035ec
                                    0x004035f8
                                    0x004035fe

                                    APIs
                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,0040342D,00000000), ref: 004035CF
                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,0040342D,00000000), ref: 004035E3
                                    Strings
                                    • C:\Users\user\AppData\Local\Temp\nst827B.tmp\, xrefs: 004035F3
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CloseHandle
                                    • String ID: C:\Users\user\AppData\Local\Temp\nst827B.tmp\
                                    • API String ID: 2962429428-1752520813
                                    • Opcode ID: d5091cb339cf9ca4b2a17f3525511bedeea9812c5bf65782ecb3b679df28d270
                                    • Instruction ID: 5c77e6c533590f6c422f1e12d180fd4ee44bb6ddfd602f374d0031013ab669df
                                    • Opcode Fuzzy Hash: d5091cb339cf9ca4b2a17f3525511bedeea9812c5bf65782ecb3b679df28d270
                                    • Instruction Fuzzy Hash: 3AE08C30900610AAC234AF7CAE4594A3A1C9B413327248722F538F21F2C738AE824AAD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403EF1, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403EF1(int _a4) {
				long _t3;

				if(_a4 == 0x78) {
					 *0x42366c =  *0x42366c + 1;
				}
				_t3 = SendMessageA( *0x423ea8, 0x408, _a4, 0); // executed
				return _t3;
			}




                                    0x00403ef6
                                    0x00403ef8
                                    0x00403ef8
                                    0x00403f0f
                                    0x00403f15

                                    APIs
                                    • SendMessageA.USER32(00000408,?,00000000,00403B53), ref: 00403F0F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID: x
                                    • API String ID: 3850602802-2363233923
                                    • Opcode ID: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                                    • Instruction ID: 0a00224ba8322c10e7c5ad3fa7d0cdf23506fb3b21bf1cf3cfca3f20ccc8a775
                                    • Opcode Fuzzy Hash: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                                    • Instruction Fuzzy Hash: 29C012B2688200BECB205F12DE01F06BA31E7A0703F109039F344200B4C2B86622EB0D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 69%
                                    			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x423ed0; // 0x4b0994
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42368c =  *0x42368c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42368c, 0x7530,  *0x423674), 0); // executed
					}
				}
				return 0;
			}












                                    0x0040138a
                                    0x004013fa
                                    0x00401392
                                    0x0040139b
                                    0x004013a0
                                    0x00000000
                                    0x00000000
                                    0x004013a2
                                    0x004013a3
                                    0x004013ad
                                    0x00000000
                                    0x00401404
                                    0x004013b0
                                    0x004013b7
                                    0x004013bd
                                    0x004013be
                                    0x004013c0
                                    0x004013c2
                                    0x004013b9
                                    0x004013b9
                                    0x004013ba
                                    0x004013ba
                                    0x004013c9
                                    0x004013cb
                                    0x004013f4
                                    0x004013f4
                                    0x004013c9
                                    0x00000000

                                    APIs
                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                    • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                    • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                    • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                    • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404FD6, Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 50%
                                    			E00404FD6(signed int __eax) {
				intOrPtr _v0;
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t12;

				_t11 =  *0x423ec8; // 0x4afd4c
				_t10 =  *0x423ecc; // 0x3
				__imp__OleInitialize(0);
				 *0x423f58 =  *0x423f58 | __eax;
				E00403F64(0);
				if(_t10 != 0) {
					_t12 = _t11 + 0xc;
					while(1) {
						_t10 = _t10 - 1;
						if(( *(_t12 - 4) & 0x00000001) != 0 && E00401389( *_t12, _v0) != 0) {
							break;
						}
						_t12 = _t12 + 0x418;
						if(_t10 != 0) {
							continue;
						} else {
						}
						goto L7;
					}
					 *0x423f2c =  *0x423f2c + 1;
				}
				L7:
				E00403F64(0x404); // executed
				__imp__OleUninitialize();
				_t8 =  *0x423f2c; // 0x0
				return _t8;
			}








                                    0x00404fd7
                                    0x00404fde
                                    0x00404fe6
                                    0x00404fec
                                    0x00404ff4
                                    0x00404ffb
                                    0x00404ffd
                                    0x00405000
                                    0x00405000
                                    0x00405005
                                    0x00000000
                                    0x00000000
                                    0x00405016
                                    0x0040501e
                                    0x00000000
                                    0x00000000
                                    0x00405020
                                    0x00000000
                                    0x0040501e
                                    0x00405022
                                    0x00405022
                                    0x00405028
                                    0x0040502d
                                    0x00405032
                                    0x00405038
                                    0x0040503f

                                    APIs
                                    • OleInitialize.OLE32(00000000), ref: 00404FE6
                                      • Part of subcall function 00403F64: SendMessageA.USER32(00040494,00000000,00000000,00000000), ref: 00403F76
                                    • OleUninitialize.OLE32(00000404,00000000), ref: 00405032
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: InitializeMessageSendUninitialize
                                    • String ID:
                                    • API String ID: 2896919175-0
                                    • Opcode ID: 556d00a79d4960ff1ce6e89c465a7e0d9a54ac6e1d471b85b6eeaa2226694139
                                    • Instruction ID: 3b1d1a5f3629fb090bd5a0ea86c798931cabf3c291590e76d9817694e46b8829
                                    • Opcode Fuzzy Hash: 556d00a79d4960ff1ce6e89c465a7e0d9a54ac6e1d471b85b6eeaa2226694139
                                    • Instruction Fuzzy Hash: BEF02477E00201AAD3206F68AD00B1B7774EF88302F06443AFE04722E1C77D89428B9D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402866, Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00402866(signed int __eax) {
				RECT* _t10;
				signed int _t12;
				void* _t16;

				_t12 =  *0x4214a0; // 0x1
				SendMessageA( *(_t16 - 0x34), 0xb, _t12 & __eax, _t10); // executed
				if( *((intOrPtr*)(_t16 - 0x24)) != _t10) {
					InvalidateRect( *(_t16 - 0x34), _t10, _t10);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t16 - 4));
				return 0;
			}






                                    0x00402866
                                    0x00402875
                                    0x0040287e
                                    0x00402885
                                    0x00402885
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • SendMessageA.USER32(?,0000000B,00000001), ref: 00402875
                                    • InvalidateRect.USER32(?), ref: 00402885
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: InvalidateMessageRectSend
                                    • String ID:
                                    • API String ID: 909852535-0
                                    • Opcode ID: 46d6f11c940701ec0eb3576edbaf6f76ecda1d887e6a847d8cdde8d99bec7f9f
                                    • Instruction ID: bcd717e7596d016e205178ba64243b8d7c77eee19d70b8784ae4534d65a4b435
                                    • Opcode Fuzzy Hash: 46d6f11c940701ec0eb3576edbaf6f76ecda1d887e6a847d8cdde8d99bec7f9f
                                    • Instruction Fuzzy Hash: 2AE08C72B00104FFDB10DF94FE959AE77BAEB44359B10007AF201F10A0D2341D00CA28
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401D95, Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                    Download Yara Rule
                                    APIs
                                    • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DAB
                                    • EnableWindow.USER32(00000000,00000000), ref: 00401DB6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Window$EnableShow
                                    • String ID:
                                    • API String ID: 1136574915-0
                                    • Opcode ID: 01184a99a098fa4f7b5ffd0caf4b96e4eb64a91bfbc6cfc84e1934e58c82cbe0
                                    • Instruction ID: 0a77d41913575adca2a7ede6e8d56263b744db67c7fbf003078f88b8ecd5966f
                                    • Opcode Fuzzy Hash: 01184a99a098fa4f7b5ffd0caf4b96e4eb64a91bfbc6cfc84e1934e58c82cbe0
                                    • Instruction Fuzzy Hash: 24E0C272F08210DBD710FBB4AE899AE3274DB403A9B10453BF503F20C1D6B89C8196EE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 68%
                                    			E0040583D(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                    0x00405841
                                    0x0040584e
                                    0x00405863
                                    0x00405869

                                    APIs
                                    • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 00405841
                                    • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$AttributesCreate
                                    • String ID:
                                    • API String ID: 415043291-0
                                    • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                    • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                    • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                    • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040581E, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040581E(CHAR* _a4) {
				signed char _t3;
				int _t5;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
					return _t5;
				}
				return _t3;
			}





                                    0x00405822
                                    0x0040582b
                                    0x00405834
                                    0x00000000
                                    0x00405834
                                    0x0040583a

                                    APIs
                                    • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                    • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405834
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: AttributesFile
                                    • String ID:
                                    • API String ID: 3188754299-0
                                    • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                    • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                    • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                    • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402615, Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 33%
                                    			E00402615(char __ebx, char* __esi, void* __eflags) {
				int _t9;
				char _t12;
				void* _t14;
				void* _t15;
				void* _t19;

				_t17 = __esi;
				_t12 = __ebx;
				_pop(ds);
				if(__eflags == 0) {
					L2:
					 *((intOrPtr*)(_t19 - 4)) = 1;
					 *_t17 = _t12;
				} else {
					_t9 = FindNextFileA(E00405ADD(_t14, _t15), _t19 - 0x1a4); // executed
					if(_t9 != 0) {
						_push(_t19 - 0x178);
						_push(__esi);
						E00405B66();
					} else {
						goto L2;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}








                                    0x00402615
                                    0x00402615
                                    0x00402615
                                    0x00402616
                                    0x00402630
                                    0x00402630
                                    0x00402637
                                    0x00402618
                                    0x00402626
                                    0x0040262e
                                    0x00402675
                                    0x00402676
                                    0x004027b1
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040262e
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • FindNextFileA.KERNELBASE(00000000,?,?), ref: 00402626
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileFindNext
                                    • String ID:
                                    • API String ID: 2029273394-0
                                    • Opcode ID: 1b2096366f9d60c073af6be6c907b9621ce39872e8c26c5f5c0e0ec0b15a29fb
                                    • Instruction ID: 985f2403c07579d6712aaa9ce172f0afd7b6bd539b2011b98a7510670cf64351
                                    • Opcode Fuzzy Hash: 1b2096366f9d60c073af6be6c907b9621ce39872e8c26c5f5c0e0ec0b15a29fb
                                    • Instruction Fuzzy Hash: D7E06D32A04104DBD710EFA4AA88AEA73B8DB41348F60447BE402F21C1E2BD9A455B6A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402223, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00402223(int __eax, CHAR* __ebx) {
				CHAR* _t11;
				void* _t13;
				CHAR* _t14;
				void* _t18;
				int _t22;

				_t11 = __ebx;
				_t5 = __eax;
				_t14 = 0;
				if(__eax != __ebx) {
					__eax = E004029F6(__ebx);
				}
				if(_t13 != _t11) {
					_t14 = E004029F6(0x11);
				}
				if( *((intOrPtr*)(_t18 - 0x14)) != _t11) {
					_t11 = E004029F6(0x22);
				}
				_t5 = WritePrivateProfileStringA(0, _t14, _t11, E004029F6(0xffffffcd)); // executed
				_t22 = _t5;
				if(_t22 == 0) {
					 *((intOrPtr*)(_t18 - 4)) = 1;
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t18 - 4));
				return 0;
			}








                                    0x00402223
                                    0x00402223
                                    0x00402225
                                    0x00402229
                                    0x0040222c
                                    0x00402234
                                    0x00402238
                                    0x00402241
                                    0x00402241
                                    0x00402246
                                    0x0040224f
                                    0x0040224f
                                    0x0040225c
                                    0x004015a6
                                    0x004015a8
                                    0x0040265c
                                    0x0040265c
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040225C
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: PrivateProfileStringWrite
                                    • String ID:
                                    • API String ID: 390214022-0
                                    • Opcode ID: b6116c209c80720ea8c5b66b32d343bdc214f8bf2523826a10554ae8e2aaa3ef
                                    • Instruction ID: 7f0f3d0bfb11d3a69440f7e30d7772d63b8707f304f836d716d69bda9ce5b450
                                    • Opcode Fuzzy Hash: b6116c209c80720ea8c5b66b32d343bdc214f8bf2523826a10554ae8e2aaa3ef
                                    • Instruction Fuzzy Hash: 31E04871F002656BDBA07AF14F8D97F115C7B84344F14027EBA15762C6E9BC4D416169
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004025CC, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 44%
                                    			E004025CC(void* __eflags) {
				long _t6;
				long _t8;
				LONG* _t10;
				void* _t12;
				void* _t15;
				void* _t17;

				_push(ds);
				if(__eflags != 0) {
					_t6 = E004029D9(2);
					_t8 = SetFilePointer(E00405ADD(_t12, _t15), _t6, _t10,  *(_t17 - 0x18)); // executed
					if( *((intOrPtr*)(_t17 - 0x20)) >= _t10) {
						_push(_t8);
						E00405AC4();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                    0x004025cc
                                    0x004025cd
                                    0x004025d9
                                    0x004025e6
                                    0x004025ef
                                    0x00402831
                                    0x00402833
                                    0x00402833
                                    0x004025ef
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004025E6
                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FilePointerwsprintf
                                    • String ID:
                                    • API String ID: 327478801-0
                                    • Opcode ID: 3059be8c82d4397c86f1532bacb28e72089f78617d9c0675f34511d3d01b3758
                                    • Instruction ID: 2b12485fa52346b996e4869e092ed6d36d9f18209e02d62845b21ba0c7d9cf2c
                                    • Opcode Fuzzy Hash: 3059be8c82d4397c86f1532bacb28e72089f78617d9c0675f34511d3d01b3758
                                    • Instruction Fuzzy Hash: 88E04876A00101ABD701F7955E89CBF7678DB50359B10453BF501F00D1C67D49429A6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004031BF(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                    0x004031c3
                                    0x004031d6
                                    0x004031de
                                    0x00000000
                                    0x004031e5
                                    0x00000000
                                    0x004031e7

                                    APIs
                                    • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileRead
                                    • String ID:
                                    • API String ID: 2738559852-0
                                    • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                    • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                    • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                    • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F18, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403F18(intOrPtr _a12) {
				intOrPtr _v0;
				struct HWND__* _v4;
				int _t7;
				void* _t8;
				void* _t9;
				void* _t10;

				_t7 = SetDlgItemTextA(_v4, _v0 + 0x3e8, E00405B88(_t8, _t9, _t10, 0, _a12)); // executed
				return _t7;
			}









                                    0x00403f32
                                    0x00403f37

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ItemText
                                    • String ID:
                                    • API String ID: 3367045223-0
                                    • Opcode ID: a4344885837872da06a0b73f422c0a40da7d5145ed9eee0f172373294b1062d3
                                    • Instruction ID: 32956ba5a052c000d200729fffd4f2c944d874cb1110b62223aa4bdd109d9e57
                                    • Opcode Fuzzy Hash: a4344885837872da06a0b73f422c0a40da7d5145ed9eee0f172373294b1062d3
                                    • Instruction Fuzzy Hash: E4C08C31048200BFD241AB04CC42F1FB3A8EFA0327F00C92EB05CE00D2C634D420CE2A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F64, Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403F64(int _a4) {
				struct HWND__* _t2;
				long _t3;

				_t2 =  *0x423678; // 0x40494
				if(_t2 != 0) {
					_t3 = SendMessageA(_t2, _a4, 0, 0); // executed
					return _t3;
				}
				return _t2;
			}





                                    0x00403f64
                                    0x00403f6b
                                    0x00403f76
                                    0x00000000
                                    0x00403f76
                                    0x00403f7c

                                    APIs
                                    • SendMessageA.USER32(00040494,00000000,00000000,00000000), ref: 00403F76
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                                    • Instruction ID: 4934297729c285da13a483c37f1bad53b44c21571947472378d90217470b6476
                                    • Opcode Fuzzy Hash: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                                    • Instruction Fuzzy Hash: 6CC04C71B442017AEA209F619D45F177B68A754701F5444657204A51D0C674E510D61D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F4D, Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403F4D(int _a4) {
				long _t2;

				_t2 = SendMessageA( *0x423ea8, 0x28, _a4, 1); // executed
				return _t2;
			}




                                    0x00403f5b
                                    0x00403f61

                                    APIs
                                    • SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                    • Instruction ID: 0662716cb4741bc9db58cdf5bc89cb1196afa115b106f7c4ea820954fb206898
                                    • Opcode Fuzzy Hash: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                    • Instruction Fuzzy Hash: 17B09276685201BADA215B10DE09F457E62E764702F018064B204240B0C6B200A5DB09
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004031F1(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                    0x004031ff
                                    0x00403205

                                    APIs
                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,0000E9E4), ref: 004031FF
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FilePointer
                                    • String ID:
                                    • API String ID: 973152223-0
                                    • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                    • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                    • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                    • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F3A, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403F3A(int _a4) {
				int _t2;

				_t2 = EnableWindow( *0x420498, _a4); // executed
				return _t2;
			}




                                    0x00403f44
                                    0x00403f4a

                                    APIs
                                    • KiUserCallbackDispatcher.NTDLL(?,00403D17), ref: 00403F44
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CallbackDispatcherUser
                                    • String ID:
                                    • API String ID: 2492992576-0
                                    • Opcode ID: 315e157356e8942ef3b8d7e2082c61631171d9164c942d8812de0ab912510814
                                    • Instruction ID: 218003202f2b1835e3bff4e9bf146b8b4f872d9b8cc4e3003fd48478f7f9154f
                                    • Opcode Fuzzy Hash: 315e157356e8942ef3b8d7e2082c61631171d9164c942d8812de0ab912510814
                                    • Instruction Fuzzy Hash: 09A002755051049BCA519B54DE048057A62A754701741C479B24551575C7315461EB6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 00404853, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478windowmemoryCOMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8; // 0x4afd4c
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423eb0; // 0x4afae0
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423eb9 & 0x00000002;
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423eb8; // 0x81
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x42047c;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x420494;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x42047c = _t315;
									 *0x420494 = _t315;
									 *0x423f00 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423eb9 & 0x00000001;
										if(( *0x423eb9 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423ecc - _t315; // 0x3
										_v32 =  *0x420494;
										_t196 =  *0x423ec8; // 0x4afd4c
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42367c; // 0x4c4f3a
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x4afd54
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x4afd64
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423ecc; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x420494);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423f00 = _a4;
					_t247 =  *0x423ecc; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423ecc - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423ecc; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                    0x00404871
                                    0x00404877
                                    0x00404879
                                    0x0040487f
                                    0x00404885
                                    0x00404888
                                    0x00404892
                                    0x0040489b
                                    0x0040489e
                                    0x004048a1
                                    0x00404ac9
                                    0x00404ac9
                                    0x00404ad0
                                    0x00404ae4
                                    0x00404ad2
                                    0x00404ad4
                                    0x00404ad7
                                    0x00404ad8
                                    0x00404adf
                                    0x00404adf
                                    0x00404ae7
                                    0x00404af0
                                    0x00404afb
                                    0x00404afb
                                    0x00404afe
                                    0x00404b01
                                    0x00404b10
                                    0x00404b10
                                    0x00404b17
                                    0x00404b8f
                                    0x00404b8f
                                    0x00404b92
                                    0x00404b94
                                    0x00404b97
                                    0x00404b9e
                                    0x00404bac
                                    0x00404bac
                                    0x00404bae
                                    0x00404bb1
                                    0x00404bb8
                                    0x00404bba
                                    0x00404bbe
                                    0x00404bdb
                                    0x00404bdf
                                    0x00404bdf
                                    0x00404bc0
                                    0x00404bcd
                                    0x00404bcd
                                    0x00404bbe
                                    0x00404bb8
                                    0x00000000
                                    0x00404b92
                                    0x00404b19
                                    0x00404b1c
                                    0x00404b27
                                    0x00404b29
                                    0x00404b2c
                                    0x00404b33
                                    0x00404b38
                                    0x00404b3a
                                    0x00404b44
                                    0x00404b44
                                    0x00404b48
                                    0x00404b4a
                                    0x00404b4d
                                    0x00404b4f
                                    0x00404b52
                                    0x00404b68
                                    0x00404b68
                                    0x00404b54
                                    0x00404b54
                                    0x00404b5a
                                    0x00404b5c
                                    0x00404b63
                                    0x00404b5e
                                    0x00404b5e
                                    0x00404b5e
                                    0x00404b5c
                                    0x00404b6c
                                    0x00404b6e
                                    0x00404b73
                                    0x00404b7c
                                    0x00404b7d
                                    0x00404b87
                                    0x00404b87
                                    0x00404b89
                                    0x00404b8c
                                    0x00404b8c
                                    0x00404b4d
                                    0x00000000
                                    0x00404b3a
                                    0x00404b1e
                                    0x00404b21
                                    0x00404b25
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404b25
                                    0x00404b03
                                    0x00404b0a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404af2
                                    0x00404af2
                                    0x00404af5
                                    0x00404be2
                                    0x00404be2
                                    0x00404be9
                                    0x00404c5d
                                    0x00404c5d
                                    0x00404c64
                                    0x00404c70
                                    0x00404c70
                                    0x00404c72
                                    0x00404c79
                                    0x00404c7b
                                    0x00404c80
                                    0x00404c82
                                    0x00404c85
                                    0x00404c85
                                    0x00404c8b
                                    0x00404c90
                                    0x00404c92
                                    0x00404c95
                                    0x00404c95
                                    0x00404c9b
                                    0x00404ca1
                                    0x00404ca7
                                    0x00404ca7
                                    0x00404cad
                                    0x00404cb4
                                    0x00404e01
                                    0x00404e01
                                    0x00404e08
                                    0x00404e0a
                                    0x00404e11
                                    0x00404e15
                                    0x00404e22
                                    0x00404e22
                                    0x00404e25
                                    0x00404e2b
                                    0x00404e3d
                                    0x00404e3d
                                    0x00404e11
                                    0x00000000
                                    0x00404cba
                                    0x00404cbc
                                    0x00404cc1
                                    0x00404cc4
                                    0x00404cc8
                                    0x00404cc8
                                    0x00404ccd
                                    0x00404cd0
                                    0x00404d11
                                    0x00404d13
                                    0x00404d1d
                                    0x00404d23
                                    0x00404d26
                                    0x00404d2b
                                    0x00404d32
                                    0x00404d35
                                    0x00404dd7
                                    0x00404ddd
                                    0x00404de3
                                    0x00404de8
                                    0x00404deb
                                    0x00404dfc
                                    0x00404dfc
                                    0x00000000
                                    0x00404d3b
                                    0x00404d3b
                                    0x00404d3b
                                    0x00404d3e
                                    0x00404d44
                                    0x00404d47
                                    0x00404d49
                                    0x00404d4b
                                    0x00404d4d
                                    0x00404d50
                                    0x00404d53
                                    0x00404d5a
                                    0x00404d5c
                                    0x00404d5f
                                    0x00404d66
                                    0x00404d69
                                    0x00404d69
                                    0x00404d69
                                    0x00404d69
                                    0x00404d6d
                                    0x00404d70
                                    0x00404d7c
                                    0x00404d7d
                                    0x00404d80
                                    0x00404d82
                                    0x00404d82
                                    0x00404d82
                                    0x00404d72
                                    0x00404d74
                                    0x00404d74
                                    0x00404da1
                                    0x00404da1
                                    0x00404da2
                                    0x00404dae
                                    0x00404dbd
                                    0x00404dbd
                                    0x00404dbf
                                    0x00404dc2
                                    0x00404dcb
                                    0x00404dcb
                                    0x00000000
                                    0x00404d3e
                                    0x00404cd2
                                    0x00404cdd
                                    0x00404ce0
                                    0x00404ce5
                                    0x00404ce7
                                    0x00404ce9
                                    0x00404ceb
                                    0x00404cfb
                                    0x00404d05
                                    0x00404d07
                                    0x00404d0a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404ced
                                    0x00404ced
                                    0x00404ced
                                    0x00404cf0
                                    0x00404cf3
                                    0x00404cf5
                                    0x00404cf5
                                    0x00404cf5
                                    0x00404cf6
                                    0x00404cf7
                                    0x00404cf7
                                    0x00000000
                                    0x00404ced
                                    0x00404cd0
                                    0x00404cb4
                                    0x00404beb
                                    0x00404bf1
                                    0x00000000
                                    0x00000000
                                    0x00404bfd
                                    0x00404c01
                                    0x00000000
                                    0x00000000
                                    0x00404c11
                                    0x00404c13
                                    0x00404c16
                                    0x00000000
                                    0x00000000
                                    0x00404c28
                                    0x00404c2a
                                    0x00404c2d
                                    0x00404c37
                                    0x00404c39
                                    0x00404c3a
                                    0x00404c3b
                                    0x00404c4a
                                    0x00404c4c
                                    0x00404c53
                                    0x00404c56
                                    0x00000000
                                    0x00404c56
                                    0x00404c2f
                                    0x00404c32
                                    0x00404c35
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404c35
                                    0x00000000
                                    0x00404af5
                                    0x004048a7
                                    0x004048ac
                                    0x004048b1
                                    0x004048b6
                                    0x004048b7
                                    0x004048c0
                                    0x004048cb
                                    0x004048d6
                                    0x004048dc
                                    0x004048ea
                                    0x004048ff
                                    0x00404904
                                    0x0040490f
                                    0x00404918
                                    0x0040492d
                                    0x0040493e
                                    0x0040494b
                                    0x0040494b
                                    0x00404950
                                    0x00404956
                                    0x00404958
                                    0x0040495b
                                    0x00404960
                                    0x00404965
                                    0x00404967
                                    0x00404967
                                    0x00404987
                                    0x00404987
                                    0x00404989
                                    0x0040498a
                                    0x0040498f
                                    0x00404992
                                    0x00404995
                                    0x00404999
                                    0x0040499e
                                    0x004049a3
                                    0x004049a7
                                    0x004049ac
                                    0x004049b1
                                    0x004049b3
                                    0x004049b5
                                    0x004049bb
                                    0x00404a85
                                    0x00404a98
                                    0x00000000
                                    0x004049c1
                                    0x004049c4
                                    0x004049c7
                                    0x004049ca
                                    0x004049ca
                                    0x004049d0
                                    0x004049d6
                                    0x004049d9
                                    0x004049df
                                    0x004049e0
                                    0x004049e5
                                    0x004049ee
                                    0x004049f5
                                    0x004049f8
                                    0x004049fb
                                    0x004049fe
                                    0x00404a38
                                    0x00404a3a
                                    0x00404a63
                                    0x00404a3c
                                    0x00404a49
                                    0x00404a49
                                    0x00404a00
                                    0x00404a03
                                    0x00404a12
                                    0x00404a1c
                                    0x00404a24
                                    0x00404a2b
                                    0x00404a33
                                    0x00404a33
                                    0x004049fe
                                    0x00404a69
                                    0x00404a6a
                                    0x00404a70
                                    0x00404a76
                                    0x00404a76
                                    0x00404a83
                                    0x00404a9e
                                    0x00404aa2
                                    0x00404abf
                                    0x00404ac4
                                    0x00404ac7
                                    0x00404ac7
                                    0x00000000
                                    0x00404aa4
                                    0x00404aa9
                                    0x00404ab2
                                    0x00404e3f
                                    0x00404e51
                                    0x00404e51
                                    0x00404aa2
                                    0x00000000
                                    0x00404a83
                                    0x004049bb

                                    APIs
                                    • GetDlgItem.USER32 ref: 0040486A
                                    • GetDlgItem.USER32 ref: 00404877
                                    • GlobalAlloc.KERNEL32(00000040,00000003), ref: 004048C3
                                    • LoadBitmapA.USER32 ref: 004048D6
                                    • SetWindowLongA.USER32 ref: 004048F0
                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                    • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                    • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                    • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                    • DeleteObject.GDI32(?), ref: 00404950
                                    • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                    • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                    • GetWindowLongA.USER32 ref: 00404A8A
                                    • SetWindowLongA.USER32 ref: 00404A98
                                    • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                    • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                    • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                    • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                    • ImageList_Destroy.COMCTL32(?), ref: 00404C85
                                    • GlobalFree.KERNEL32 ref: 00404C95
                                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                    • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                    • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                    • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                    • GetDlgItem.USER32 ref: 00404E36
                                    • ShowWindow.USER32(00000000), ref: 00404E3D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                    • String ID: $:OL$M$N
                                    • API String ID: 1638840714-1095018119
                                    • Opcode ID: 9d7127013aa6371c945dd951bd4b8b5fe2ec9ac9385b3123730207c7727c871c
                                    • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                    • Opcode Fuzzy Hash: 9d7127013aa6371c945dd951bd4b8b5fe2ec9ac9385b3123730207c7727c871c
                                    • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404356, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 266stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				signed int* _t145;
				intOrPtr _t147;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70; // 0x4afc8c
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								_t147 =  *0x42367c; // 0x4c4f3a
								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t124 =  *0x423eb0; // 0x4afae0
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}








































                                    0x0040435c
                                    0x00404363
                                    0x0040436f
                                    0x0040437d
                                    0x00404385
                                    0x00404389
                                    0x0040438f
                                    0x0040438f
                                    0x0040439b
                                    0x0040440f
                                    0x00404416
                                    0x004044eb
                                    0x004044f2
                                    0x00404501
                                    0x00404501
                                    0x00404505
                                    0x0040450b
                                    0x00404518
                                    0x0040451a
                                    0x0040451a
                                    0x00404528
                                    0x0040452d
                                    0x00404530
                                    0x00404537
                                    0x0040453a
                                    0x00404571
                                    0x00404573
                                    0x00404579
                                    0x00404580
                                    0x00404582
                                    0x00404582
                                    0x0040459e
                                    0x004045da
                                    0x00000000
                                    0x004045a0
                                    0x004045a3
                                    0x004045b7
                                    0x004045b9
                                    0x00000000
                                    0x004045b9
                                    0x0040453c
                                    0x00404540
                                    0x0040456f
                                    0x0040456f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404542
                                    0x00404542
                                    0x0040454f
                                    0x00404554
                                    0x00000000
                                    0x00000000
                                    0x00404558
                                    0x0040455a
                                    0x0040455a
                                    0x00404565
                                    0x00404568
                                    0x0040456d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040456d
                                    0x004045c8
                                    0x004045cf
                                    0x004045d6
                                    0x004045dd
                                    0x004045dd
                                    0x004045e2
                                    0x004045e4
                                    0x004045ec
                                    0x004045f2
                                    0x004045f2
                                    0x004045f9
                                    0x00404602
                                    0x0040460c
                                    0x00404614
                                    0x0040462a
                                    0x00404616
                                    0x0040461a
                                    0x0040461a
                                    0x00404614
                                    0x0040462f
                                    0x00404634
                                    0x00404639
                                    0x00404642
                                    0x00404642
                                    0x0040464b
                                    0x0040464d
                                    0x0040464d
                                    0x00404659
                                    0x00404661
                                    0x0040466b
                                    0x0040466b
                                    0x00404670
                                    0x00000000
                                    0x00404670
                                    0x0040453a
                                    0x004044f4
                                    0x004044fb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004044fb
                                    0x0040441c
                                    0x00404422
                                    0x0040443c
                                    0x00404441
                                    0x0040444b
                                    0x00404452
                                    0x00404461
                                    0x00404464
                                    0x00404467
                                    0x0040446e
                                    0x00404476
                                    0x00404479
                                    0x0040447d
                                    0x00404484
                                    0x0040448c
                                    0x004044e4
                                    0x0040448e
                                    0x0040448f
                                    0x00404496
                                    0x0040449b
                                    0x004044a0
                                    0x004044a8
                                    0x004044b5
                                    0x004044c9
                                    0x004044cd
                                    0x004044cd
                                    0x004044c9
                                    0x004044d2
                                    0x004044dd
                                    0x004044dd
                                    0x0040448c
                                    0x00000000
                                    0x00404441
                                    0x0040442f
                                    0x00000000
                                    0x00000000
                                    0x00404435
                                    0x00000000
                                    0x0040439d
                                    0x0040439d
                                    0x004043a9
                                    0x004043b3
                                    0x004043c0
                                    0x004043c0
                                    0x004043c6
                                    0x004043cf
                                    0x004043d8
                                    0x004043db
                                    0x004043de
                                    0x004043e6
                                    0x004043e9
                                    0x004043ec
                                    0x004043f4
                                    0x004043fb
                                    0x00404402
                                    0x00404676
                                    0x00404688
                                    0x00404688
                                    0x0040440d
                                    0x00000000
                                    0x0040440d

                                    APIs
                                    • GetDlgItem.USER32 ref: 004043A2
                                    • SetWindowTextA.USER32(?,?), ref: 004043CF
                                    • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                    • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                    • lstrcmpiA.KERNEL32(Remove folder: ,004204A0,00000000,?,?), ref: 004044C1
                                    • lstrcatA.KERNEL32(?,Remove folder: ), ref: 004044CD
                                    • SetDlgItemTextA.USER32 ref: 004044DD
                                      • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                      • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                    • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                    • SetDlgItemTextA.USER32 ref: 0040462A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                    • String ID: :OL$A$C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$Remove folder:
                                    • API String ID: 2246997448-4033990394
                                    • Opcode ID: 3cdee0d3b15a5f473c4b90c9f3f5b15abf96d87614e60a3eade95cc215b2791d
                                    • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                    • Opcode Fuzzy Hash: 3cdee0d3b15a5f473c4b90c9f3f5b15abf96d87614e60a3eade95cc215b2791d
                                    • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0; // 0x4afae0
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "CL-Eye Driver Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423ea8; // 0x0
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                    0x0040100a
                                    0x00401039
                                    0x00401047
                                    0x0040104d
                                    0x00401051
                                    0x0040105b
                                    0x00401061
                                    0x00401064
                                    0x004010f3
                                    0x00401089
                                    0x0040108c
                                    0x004010a6
                                    0x004010bd
                                    0x004010cc
                                    0x004010cf
                                    0x004010d5
                                    0x004010d9
                                    0x004010e4
                                    0x004010ed
                                    0x004010ef
                                    0x004010ef
                                    0x00401100
                                    0x00401105
                                    0x0040110d
                                    0x00401110
                                    0x00401112
                                    0x00401118
                                    0x0040111f
                                    0x00401126
                                    0x00401130
                                    0x00401142
                                    0x00401156
                                    0x00401160
                                    0x00401165
                                    0x00401165
                                    0x00401110
                                    0x0040116e
                                    0x00000000
                                    0x00401178
                                    0x00401010
                                    0x00401013
                                    0x00401015
                                    0x00401019
                                    0x0040101f
                                    0x0040101f
                                    0x00000000

                                    APIs
                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                    • BeginPaint.USER32(?,?), ref: 00401047
                                    • GetClientRect.USER32 ref: 0040105B
                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                    • FillRect.USER32 ref: 004010E4
                                    • DeleteObject.GDI32(?), ref: 004010ED
                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                    • SetTextColor.GDI32(00000000,?), ref: 00401130
                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                    • DrawTextA.USER32(00000000,CL-Eye Driver Setup,000000FF,00000010,00000820), ref: 00401156
                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                    • DeleteObject.GDI32(?), ref: 00401165
                                    • EndPaint.USER32(?,?), ref: 0040116E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                    • String ID: CL-Eye Driver Setup$F
                                    • API String ID: 941294808-3089066853
                                    • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                    • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                    • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                    • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t18 =  *0x423eb0; // 0x4afae0
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                    0x004058ba
                                    0x004058c1
                                    0x004058c5
                                    0x004058ce
                                    0x004058d2
                                    0x00405a11
                                    0x00405a11
                                    0x00000000
                                    0x00405a11
                                    0x004058d2
                                    0x004058de
                                    0x004058f4
                                    0x0040591c
                                    0x00405927
                                    0x0040592b
                                    0x0040594b
                                    0x0040594d
                                    0x00405952
                                    0x0040595c
                                    0x00405969
                                    0x0040596e
                                    0x00405973
                                    0x00405977
                                    0x00000000
                                    0x00000000
                                    0x00405986
                                    0x00405988
                                    0x00405995
                                    0x00405999
                                    0x00405a0a
                                    0x00405a0b
                                    0x00000000
                                    0x004059b5
                                    0x004059c2
                                    0x00405a27
                                    0x00405a2e
                                    0x004059d5
                                    0x004059d5
                                    0x004059d7
                                    0x004059e0
                                    0x004059eb
                                    0x004059fd
                                    0x00405a04
                                    0x00000000
                                    0x00405a04
                                    0x00405a30
                                    0x00405a31
                                    0x00405a36
                                    0x00405a38
                                    0x00405a45
                                    0x00405a45
                                    0x00405a49
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405a3a
                                    0x00405a3a
                                    0x00405a3d
                                    0x00405a40
                                    0x00405a41
                                    0x00000000
                                    0x00405a3a
                                    0x004059cd
                                    0x004059d2
                                    0x00000000
                                    0x004059d2
                                    0x00405999
                                    0x004058f6
                                    0x00405901
                                    0x0040590a
                                    0x0040590e
                                    0x00000000
                                    0x00000000
                                    0x0040590e
                                    0x00405a1b

                                    APIs
                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                      • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                    • GetShortPathNameA.KERNEL32(?,00422630,00000400), ref: 0040590A
                                    • GetShortPathNameA.KERNEL32(00000000,004220A8,00000400), ref: 00405927
                                    • wsprintfA.USER32 ref: 00405945
                                    • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                    • GlobalFree.KERNEL32 ref: 00405A04
                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                    • String ID: %s=%s$0&B$[Rename]
                                    • API String ID: 3772915668-951905037
                                    • Opcode ID: 05dc510c935a9252d183404297d509aa55311242524adffaf7837e6f51b89b1c
                                    • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                    • Opcode Fuzzy Hash: 05dc510c935a9252d183404297d509aa55311242524adffaf7837e6f51b89b1c
                                    • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                    0x00405dca
                                    0x00405dd2
                                    0x00405de6
                                    0x00405de6
                                    0x00405dec
                                    0x00405df9
                                    0x00405df9
                                    0x00405dfa
                                    0x00405dfc
                                    0x00405e00
                                    0x00405e02
                                    0x00405e0b
                                    0x00405e0d
                                    0x00405e27
                                    0x00405e2f
                                    0x00405e2f
                                    0x00405e34
                                    0x00405e36
                                    0x00405e38
                                    0x00405e3c
                                    0x00405e3d
                                    0x00405e40
                                    0x00405e48
                                    0x00405e4a
                                    0x00405e4e
                                    0x00000000
                                    0x00000000
                                    0x00405e54
                                    0x00405e59
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405e59
                                    0x00405e5e

                                    APIs
                                    • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                    • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                    • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                    Strings
                                    • "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install, xrefs: 00405DCE
                                    • *?|<>/":, xrefs: 00405E10
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DC9, 00405E04
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Char$Next$Prev
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                    • API String ID: 589700163-2259263818
                                    • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                    • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                    • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                    • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                    0x00403f91
                                    0x00404025
                                    0x00000000
                                    0x00404025
                                    0x00403fa2
                                    0x00403fa6
                                    0x00000000
                                    0x00000000
                                    0x00403fac
                                    0x00403fb5
                                    0x00403fb8
                                    0x00403fb8
                                    0x00403fbe
                                    0x00403fc4
                                    0x00403fc4
                                    0x00403fd0
                                    0x00403fd6
                                    0x00403fdd
                                    0x00403fe0
                                    0x00403fe3
                                    0x00403fe5
                                    0x00403fe5
                                    0x00403fed
                                    0x00403ff3
                                    0x00403ff3
                                    0x00403ffd
                                    0x00404002
                                    0x00404005
                                    0x0040400a
                                    0x0040400d
                                    0x0040400d
                                    0x0040401d
                                    0x0040401d
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                    • String ID:
                                    • API String ID: 2320649405-0
                                    • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                    • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                    • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                    • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8; // 0x0
					if(__eflags == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                    0x00402bdf
                                    0x00402be1
                                    0x00402be8
                                    0x00402beb
                                    0x00402beb
                                    0x00402bf1
                                    0x00000000
                                    0x00402bf1
                                    0x00402bf9
                                    0x00402bff
                                    0x00000000
                                    0x00402c02
                                    0x00402c09
                                    0x00402c0f
                                    0x00402c15
                                    0x00402c17
                                    0x00402c1d
                                    0x00402c5b
                                    0x00402c64
                                    0x00000000
                                    0x00402c69
                                    0x00402c1f
                                    0x00402c26
                                    0x00402c37
                                    0x00000000
                                    0x00402c45
                                    0x00402c26
                                    0x00402c71

                                    APIs
                                    • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                    • GetTickCount.KERNEL32 ref: 00402C09
                                    • wsprintfA.USER32 ref: 00402C37
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00402C4A,00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,00000000,00000000,00000000), ref: 00404F60
                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nst827B.tmp\), ref: 00404F72
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                      • Part of subcall function 00402BB7: MulDiv.KERNEL32(0002F569,00000064,0002FC52), ref: 00402BCC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                    • String ID: ... %d%%
                                    • API String ID: 722711167-2449383134
                                    • Opcode ID: 17bdaf27663d9d1b2b81c0b918eaf4f945a095ba4556a5c22c1c6286d7ec1668
                                    • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                    • Opcode Fuzzy Hash: 17bdaf27663d9d1b2b81c0b918eaf4f945a095ba4556a5c22c1c6286d7ec1668
                                    • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                    0x004047e1
                                    0x004047ee
                                    0x004047f4
                                    0x00404832
                                    0x00404832
                                    0x00404841
                                    0x00404848
                                    0x00000000
                                    0x0040484a
                                    0x004047f6
                                    0x00404805
                                    0x0040480d
                                    0x00404810
                                    0x00404822
                                    0x00404828
                                    0x0040482f
                                    0x00000000
                                    0x0040482f
                                    0x00000000

                                    APIs
                                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                    • GetMessagePos.USER32 ref: 004047F6
                                    • ScreenToClient.USER32 ref: 00404810
                                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Message$Send$ClientScreen
                                    • String ID: f
                                    • API String ID: 41195575-1993550816
                                    • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                    • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                    • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                    • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                    0x00402b48
                                    0x00402b56
                                    0x00402b5c
                                    0x00402b5c
                                    0x00402b6a
                                    0x00402b6c
                                    0x00402b78
                                    0x00402b7d
                                    0x00402b7f
                                    0x00402b7f
                                    0x00402b8a
                                    0x00402b9a
                                    0x00402bac
                                    0x00402bac
                                    0x00402bb4

                                    APIs
                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                    • wsprintfA.USER32 ref: 00402B8A
                                    • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                    • SetDlgItemTextA.USER32 ref: 00402BAC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Text$ItemTimerWindowwsprintf
                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                    • API String ID: 1451636040-1158693248
                                    • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                    • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                    • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                    • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403978, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423eb0; // 0x4afae0
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, "CL-Eye Driver Setup", 0xfffffffe));
						_t11 =  *0x423ecc; // 0x3
						_t27 =  *0x423ec8; // 0x4afd4c
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x4afd64
								_t11 = E00405B88(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                    0x0040397c
                                    0x00403981
                                    0x00403987
                                    0x0040398c
                                    0x0040398c
                                    0x00403994
                                    0x00000000
                                    0x00000000
                                    0x00403996
                                    0x0040399c
                                    0x004039a4
                                    0x004039a6
                                    0x004039ac
                                    0x004039ac
                                    0x004039ae
                                    0x004039ba
                                    0x00000000
                                    0x00000000
                                    0x004039be
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004039c0
                                    0x004039c5
                                    0x004039ce
                                    0x004039d4
                                    0x004039d9
                                    0x004039ed
                                    0x004039f8
                                    0x00403a10
                                    0x00403a16
                                    0x00403a1b
                                    0x00403a23
                                    0x00403a44
                                    0x00403a44
                                    0x00403a44
                                    0x00403a25
                                    0x00403a27
                                    0x00403a27
                                    0x00403a2b
                                    0x00403a2e
                                    0x00403a32
                                    0x00403a32
                                    0x00403a37
                                    0x00403a3d
                                    0x00403a3d
                                    0x00000000
                                    0x00403a27
                                    0x004039db
                                    0x004039e0
                                    0x004039e9
                                    0x004039e2
                                    0x004039e2
                                    0x004039e2
                                    0x004039e0

                                    APIs
                                    • SetWindowTextA.USER32(00000000,CL-Eye Driver Setup), ref: 00403A10
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: TextWindow
                                    • String ID: 1033$:OL$C:\Users\user\AppData\Local\Temp\$CL-Eye Driver Setup
                                    • API String ID: 530164218-1416024508
                                    • Opcode ID: 3de9c273dcbb814963b36f795d2ecfd45048fc62fbd5e49154c857ec1ced3a84
                                    • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                    • Opcode Fuzzy Hash: 3de9c273dcbb814963b36f795d2ecfd45048fc62fbd5e49154c857ec1ced3a84
                                    • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401D1B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 67%
                                    			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, "MS Shell Dlg",  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                    0x00401d29
                                    0x00401d42
                                    0x00401d4c
                                    0x00401d51
                                    0x00401d5c
                                    0x00401d63
                                    0x00401d75
                                    0x00401d7b
                                    0x00401d80
                                    0x00401d8a
                                    0x004024b8
                                    0x00401561
                                    0x00402833
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • GetDC.USER32(?), ref: 00401D22
                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                    • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CapsCreateDeviceFontIndirect
                                    • String ID: MS Shell Dlg
                                    • API String ID: 3272661963-76309092
                                    • Opcode ID: 65d6d6c3eade4a3ebb09d4d6b1d43c63415d6ff7796dc61260d2c7023a1fee7c
                                    • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                    • Opcode Fuzzy Hash: 65d6d6c3eade4a3ebb09d4d6b1d43c63415d6ff7796dc61260d2c7023a1fee7c
                                    • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 84%
                                    			E00402A36(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423f50; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A36(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						__eflags =  *0x423f50; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}










                                    0x00402a46
                                    0x00402a57
                                    0x00402a5f
                                    0x00402a87
                                    0x00402a6e
                                    0x00402a71
                                    0x00402ac1
                                    0x00402ac7
                                    0x00402ac9
                                    0x00000000
                                    0x00402ac9
                                    0x00402a7e
                                    0x00402a83
                                    0x00402a85
                                    0x00000000
                                    0x00000000
                                    0x00402a85
                                    0x00402a9c
                                    0x00402aa4
                                    0x00402aab
                                    0x00402ad1
                                    0x00402ad7
                                    0x00000000
                                    0x00000000
                                    0x00402adf
                                    0x00402ae5
                                    0x00402ae7
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402ae7
                                    0x00000000
                                    0x00402aba
                                    0x00402ace

                                    APIs
                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A57
                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                    • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                    • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Close$DeleteEnumOpen
                                    • String ID:
                                    • API String ID: 1912718029-0
                                    • Opcode ID: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                    • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                    • Opcode Fuzzy Hash: 90165163457562f2d2db0d0e016cf4740f9c141c2854e05e69f214c53397e3bf
                                    • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 51%
                                    			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                    0x004046f9
                                    0x004046fd
                                    0x00404705
                                    0x00404708
                                    0x00404709
                                    0x0040470b
                                    0x0040470d
                                    0x00404710
                                    0x00404710
                                    0x00404717
                                    0x0040471d
                                    0x0040471d
                                    0x00404724
                                    0x0040472f
                                    0x00404730
                                    0x00404733
                                    0x00404733
                                    0x00404740
                                    0x0040474b
                                    0x0040474e
                                    0x00404760
                                    0x00404767
                                    0x00404768
                                    0x00404777
                                    0x00404787
                                    0x004047a3

                                    APIs
                                    • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                    • wsprintfA.USER32 ref: 00404787
                                    • SetDlgItemTextA.USER32 ref: 0040479A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ItemTextlstrlenwsprintf
                                    • String ID: %u.%u%s%s
                                    • API String ID: 3540041739-3551169577
                                    • Opcode ID: c1bf9231fe92aebf28e2bf8449a75e77e369f05ec6904c2f29ee4e7a53275fee
                                    • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                    • Opcode Fuzzy Hash: c1bf9231fe92aebf28e2bf8449a75e77e369f05ec6904c2f29ee4e7a53275fee
                                    • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                    0x004053cf
                                    0x004053eb
                                    0x004053f3
                                    0x004053f8
                                    0x00000000
                                    0x004053fe
                                    0x00405402

                                    APIs
                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                    • CloseHandle.KERNEL32(?), ref: 004053F8
                                    Strings
                                    • Error launching installer, xrefs: 004053D9
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CloseCreateHandleProcess
                                    • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                    • API String ID: 3712363035-1785902839
                                    • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                    • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                    • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                    • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                    0x0040565a
                                    0x00405671
                                    0x00405679
                                    0x00405679
                                    0x00405681

                                    APIs
                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                    • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                    Strings
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharPrevlstrcatlstrlen
                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                    • API String ID: 2659869361-3081826266
                                    • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                    • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                    • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                    • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 85%
                                    			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                    0x00401ec7
                                    0x00401ecf
                                    0x00401ed4
                                    0x00401ed9
                                    0x00401edd
                                    0x00401ee0
                                    0x00401ee2
                                    0x00401ee9
                                    0x00401ef2
                                    0x00401efa
                                    0x00401efd
                                    0x00401f12
                                    0x00401f18
                                    0x00401f2b
                                    0x00401f34
                                    0x00401f40
                                    0x00401f45
                                    0x00401f45
                                    0x00401f2b
                                    0x00401f48
                                    0x00401b75
                                    0x00401b75
                                    0x00401efd
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                    • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                    • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                    • String ID:
                                    • API String ID: 1404258612-0
                                    • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                    • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                    • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                    • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004056ED, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004056ED(CHAR* _a4) {
				CHAR* _t3;
				char* _t5;
				CHAR* _t7;
				CHAR* _t8;
				void* _t10;

				_t8 = _a4;
				_t7 = CharNextA(_t8);
				_t3 = CharNextA(_t7);
				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
					if( *_t8 != 0x5c5c) {
						L8:
						return 0;
					}
					_t10 = 2;
					while(1) {
						_t10 = _t10 - 1;
						_t5 = E00405684(_t3, 0x5c);
						if( *_t5 == 0) {
							goto L8;
						}
						_t3 = _t5 + 1;
						if(_t10 != 0) {
							continue;
						}
						return _t3;
					}
					goto L8;
				} else {
					return CharNextA(_t3);
				}
			}








                                    0x004056f6
                                    0x004056fd
                                    0x00405700
                                    0x00405705
                                    0x00405718
                                    0x00405732
                                    0x00000000
                                    0x00405732
                                    0x0040571c
                                    0x0040571d
                                    0x00405720
                                    0x00405721
                                    0x00405729
                                    0x00000000
                                    0x00000000
                                    0x0040572b
                                    0x0040572e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040572e
                                    0x00000000
                                    0x0040570e
                                    0x00000000
                                    0x0040570f

                                    APIs
                                    • CharNextA.USER32(0040549F,?,C:\,00000000,00405751,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" -install,73BCF560), ref: 004056FB
                                    • CharNextA.USER32(00000000), ref: 00405700
                                    • CharNextA.USER32(00000000), ref: 0040570F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharNext
                                    • String ID: C:\
                                    • API String ID: 3213498283-3404278061
                                    • Opcode ID: 48d170df000bd52d6530e74bc6e21c30bbb8ee0efc11f7a91444a9d932de86af
                                    • Instruction ID: 78d2da9fff81111ace552b99da8146ab0c55ee08e32a6a48318d29482ea338b5
                                    • Opcode Fuzzy Hash: 48d170df000bd52d6530e74bc6e21c30bbb8ee0efc11f7a91444a9d932de86af
                                    • Instruction Fuzzy Hash: 5AF0A751945A219AEB3262AC4C44B7B5B9CDB95720F144437E100BB1D1C6BC4C82AFAA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                    0x00404e60
                                    0x00404e85
                                    0x00404ea5
                                    0x00404ea8
                                    0x00404eab
                                    0x00404ec2
                                    0x00404ec8
                                    0x00404ecf
                                    0x00404ed6
                                    0x00404edd
                                    0x00404ee2
                                    0x00404ee8
                                    0x00000000
                                    0x00404ef8
                                    0x00404e92
                                    0x00404ee5
                                    0x00404ee5
                                    0x00000000
                                    0x00404ee5
                                    0x00404e9e
                                    0x00404ea0
                                    0x00000000
                                    0x00404ea0
                                    0x00404e66
                                    0x00000000
                                    0x00000000
                                    0x00404e6d
                                    0x00000000

                                    APIs
                                    • IsWindowVisible.USER32(?), ref: 00404E8A
                                    • CallWindowProcA.USER32 ref: 00404EF8
                                      • Part of subcall function 00403F64: SendMessageA.USER32(00040494,00000000,00000000,00000000), ref: 00403F76
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Window$CallMessageProcSendVisible
                                    • String ID:
                                    • API String ID: 3748168415-3916222277
                                    • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                    • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                    • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                    • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "C:\Users\jones\AppData\Local\Temp\nst827B.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                    0x004024be
                                    0x004024be
                                    0x004024c1
                                    0x004024dc
                                    0x004024c3
                                    0x004024c5
                                    0x004024ca
                                    0x004024d1
                                    0x004024e3
                                    0x0040265c
                                    0x0040265c
                                    0x004024e9
                                    0x004024fb
                                    0x004015a6
                                    0x004015a8
                                    0x00000000
                                    0x004015ae
                                    0x004015a8
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                    • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nst827B.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                    Strings
                                    • C:\Users\user\AppData\Local\Temp\nst827B.tmp\System.dll, xrefs: 004024CA, 004024EF
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileWritelstrlen
                                    • String ID: C:\Users\user\AppData\Local\Temp\nst827B.tmp\System.dll
                                    • API String ID: 427699356-3721341980
                                    • Opcode ID: aeb33319f1ae75ac5a293ebd3faabad394e91247697e6cefe37e7ee81cc22ed1
                                    • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                    • Opcode Fuzzy Hash: aeb33319f1ae75ac5a293ebd3faabad394e91247697e6cefe37e7ee81cc22ed1
                                    • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                    0x004056a1
                                    0x004056ab
                                    0x004056ad
                                    0x004056b4
                                    0x004056bc
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004056bc
                                    0x004056be
                                    0x004056c3

                                    APIs
                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 004056A6
                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 004056B4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharPrevlstrlen
                                    • String ID: C:\Users\user\Desktop
                                    • API String ID: 2709904686-224404859
                                    • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                    • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                    • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                    • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                    0x004057be
                                    0x004057c0
                                    0x004057e8
                                    0x004057cd
                                    0x004057d2
                                    0x004057dd
                                    0x00000000
                                    0x004057fa
                                    0x004057e6
                                    0x004057e6
                                    0x00000000

                                    APIs
                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                    • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.737630908.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000000.00000002.737621614.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737643395.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737651202.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737684599.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737694370.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737716869.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000000.00000002.737734260.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: lstrlen$CharNextlstrcmpi
                                    • String ID:
                                    • API String ID: 190613189-0
                                    • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                    • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                    • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                    • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Analysis Process: CL-Eye-Driver-5.3.0.0341-Emuline.exe PID: 6852 Parent PID: 5996 CL-Eye-Driver-5.3.0.0341-Emuline.exeCOMMON

                                    Execution Graph

                                    Execution Coverage:28.9%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:0%
                                    Total number of Nodes:1277
                                    Total number of Limit Nodes:47

                                    Graph

                                    execution_graph 2926 401cc1 GetDlgItem GetClientRect 2931 4029f6 2926->2931 2929 40288b 2930 401d0f DeleteObject 2930->2929 2932 402a02 2931->2932 2937 405b88 2932->2937 2935 401cf1 LoadImageA SendMessageA 2935->2929 2935->2930 2950 405b95 2937->2950 2938 405daf 2939 402a23 2938->2939 2971 405b66 lstrcpynA 2938->2971 2939->2935 2955 405dc8 2939->2955 2941 405c2d GetVersion 2941->2950 2942 405d86 lstrlenA 2942->2950 2945 405b88 10 API calls 2945->2942 2946 405ca5 GetSystemDirectoryA 2946->2950 2948 405cb8 GetWindowsDirectoryA 2948->2950 2949 405dc8 5 API calls 2949->2950 2950->2938 2950->2941 2950->2942 2950->2945 2950->2946 2950->2948 2950->2949 2951 405cec SHGetSpecialFolderLocation 2950->2951 2952 405b88 10 API calls 2950->2952 2953 405d2f lstrcatA 2950->2953 2964 405a4d RegOpenKeyExA 2950->2964 2969 405ac4 wsprintfA 2950->2969 2970 405b66 lstrcpynA 2950->2970 2951->2950 2954 405d04 SHGetPathFromIDListA CoTaskMemFree 2951->2954 2952->2950 2953->2950 2954->2950 2961 405dd4 2955->2961 2956 405e3c 2957 405e40 CharPrevA 2956->2957 2959 405e5b 2956->2959 2957->2956 2958 405e31 CharNextA 2958->2956 2958->2961 2959->2935 2961->2956 2961->2958 2962 405e1f CharNextA 2961->2962 2963 405e2c CharNextA 2961->2963 2972 405684 2961->2972 2962->2961 2963->2958 2965 405a80 RegQueryValueExA 2964->2965 2966 405abe 2964->2966 2967 405aa1 RegCloseKey 2965->2967 2966->2950 2967->2966 2969->2950 2970->2950 2971->2939 2973 40568a 2972->2973 2974 40569d 2973->2974 2975 405690 CharNextA 2973->2975 2974->2961 2975->2973 3852 401dc1 3853 4029f6 18 API calls 3852->3853 3854 401dc7 3853->3854 3855 4029f6 18 API calls 3854->3855 3856 401dd0 3855->3856 3857 4029f6 18 API calls 3856->3857 3858 401dd9 3857->3858 3859 4029f6 18 API calls 3858->3859 3860 401de2 3859->3860 3861 401423 25 API calls 3860->3861 3862 401de9 ShellExecuteA 3861->3862 3863 401e16 3862->3863 2976 405042 2977 405063 GetDlgItem GetDlgItem GetDlgItem 2976->2977 2978 4051ee 2976->2978 3022 403f4d SendMessageA 2977->3022 2980 4051f7 GetDlgItem CreateThread FindCloseChangeNotification 2978->2980 2981 40521f 2978->2981 2980->2981 3056 404fd6 OleInitialize 2980->3056 2983 40524a 2981->2983 2984 405236 ShowWindow ShowWindow 2981->2984 2985 40526c 2981->2985 2982 4050d4 2987 4050db GetClientRect GetSystemMetrics SendMessageA SendMessageA 2982->2987 2986 4052a8 2983->2986 2989 405281 ShowWindow 2983->2989 2990 40525b 2983->2990 3038 403f4d SendMessageA 2984->3038 3042 403f7f 2985->3042 2986->2985 2996 4052b3 SendMessageA 2986->2996 2994 40514a 2987->2994 2995 40512e SendMessageA SendMessageA 2987->2995 2992 4052a1 2989->2992 2993 405293 2989->2993 3039 403ef1 2990->3039 2999 403ef1 SendMessageA 2992->2999 3026 404f04 2993->3026 3000 40515d 2994->3000 3001 40514f SendMessageA 2994->3001 2995->2994 3002 4052cc CreatePopupMenu 2996->3002 3003 40527a 2996->3003 2999->2986 3023 403f18 3000->3023 3001->3000 3004 405b88 18 API calls 3002->3004 3006 4052dc AppendMenuA 3004->3006 3008 405302 3006->3008 3009 4052ef GetWindowRect 3006->3009 3007 40516d 3010 405176 ShowWindow 3007->3010 3011 4051aa GetDlgItem SendMessageA 3007->3011 3013 40530b TrackPopupMenu 3008->3013 3009->3013 3014 405199 3010->3014 3015 40518c ShowWindow 3010->3015 3011->3003 3012 4051d1 SendMessageA SendMessageA 3011->3012 3012->3003 3013->3003 3016 405329 3013->3016 3037 403f4d SendMessageA 3014->3037 3015->3014 3017 405345 SendMessageA 3016->3017 3017->3017 3019 405362 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3017->3019 3020 405384 SendMessageA 3019->3020 3020->3020 3021 4053a5 GlobalUnlock SetClipboardData CloseClipboard 3020->3021 3021->3003 3022->2982 3024 405b88 18 API calls 3023->3024 3025 403f23 SetDlgItemTextA 3024->3025 3025->3007 3027 404fc2 3026->3027 3028 404f1f 3026->3028 3027->2992 3029 404f3c lstrlenA 3028->3029 3030 405b88 18 API calls 3028->3030 3031 404f65 3029->3031 3032 404f4a lstrlenA 3029->3032 3030->3029 3034 404f78 3031->3034 3035 404f6b SetWindowTextA 3031->3035 3032->3027 3033 404f5c lstrcatA 3032->3033 3033->3031 3034->3027 3036 404f7e SendMessageA SendMessageA SendMessageA 3034->3036 3035->3034 3036->3027 3037->3011 3038->2983 3040 403ef8 3039->3040 3041 403efe SendMessageA 3039->3041 3040->3041 3041->2985 3043 403f97 GetWindowLongA 3042->3043 3044 404020 3042->3044 3043->3044 3045 403fa8 3043->3045 3044->3003 3046 403fb7 GetSysColor 3045->3046 3047 403fba 3045->3047 3046->3047 3048 403fc0 SetTextColor 3047->3048 3049 403fca SetBkMode 3047->3049 3048->3049 3050 403fe2 GetSysColor 3049->3050 3051 403fe8 3049->3051 3050->3051 3052 403ff9 3051->3052 3053 403fef SetBkColor 3051->3053 3052->3044 3054 404013 CreateBrushIndirect 3052->3054 3055 40400c DeleteObject 3052->3055 3053->3052 3054->3044 3055->3054 3063 403f64 3056->3063 3058 405020 3059 403f64 SendMessageA 3058->3059 3060 405032 OleUninitialize 3059->3060 3061 404ff9 3061->3058 3066 401389 3061->3066 3064 403f7c 3063->3064 3065 403f6d SendMessageA 3063->3065 3064->3061 3065->3064 3068 401390 3066->3068 3067 4013fe 3067->3061 3068->3067 3069 4013cb MulDiv SendMessageA 3068->3069 3069->3068 3150 403a45 3151 403b98 3150->3151 3152 403a5d 3150->3152 3154 403be9 3151->3154 3155 403ba9 GetDlgItem GetDlgItem 3151->3155 3152->3151 3153 403a69 3152->3153 3157 403a74 SetWindowPos 3153->3157 3158 403a87 3153->3158 3156 403c43 3154->3156 3164 401389 2 API calls 3154->3164 3159 403f18 19 API calls 3155->3159 3160 403f64 SendMessageA 3156->3160 3209 403b93 3156->3209 3157->3158 3161 403aa4 3158->3161 3162 403a8c ShowWindow 3158->3162 3163 403bd3 KiUserCallbackDispatcher 3159->3163 3207 403c55 3160->3207 3165 403ac6 3161->3165 3166 403aac DestroyWindow 3161->3166 3162->3161 3218 40140b 3163->3218 3168 403c1b 3164->3168 3169 403acb SetWindowLongA 3165->3169 3170 403adc 3165->3170 3217 403ea1 3166->3217 3168->3156 3172 403c1f SendMessageA 3168->3172 3169->3209 3171 403ae8 GetDlgItem 3170->3171 3184 403b53 3170->3184 3175 403afb SendMessageA IsWindowEnabled 3171->3175 3178 403b18 3171->3178 3172->3209 3173 40140b 2 API calls 3173->3207 3174 403ea3 DestroyWindow KiUserCallbackDispatcher 3174->3217 3175->3178 3175->3209 3176 403f7f 8 API calls 3176->3209 3177 403ed2 ShowWindow 3177->3209 3180 403b25 3178->3180 3181 403b6c SendMessageA 3178->3181 3182 403b38 3178->3182 3190 403b1d 3178->3190 3179 405b88 18 API calls 3179->3207 3180->3181 3180->3190 3181->3184 3185 403b40 3182->3185 3186 403b55 3182->3186 3183 403ef1 SendMessageA 3183->3184 3184->3176 3189 40140b 2 API calls 3185->3189 3188 40140b 2 API calls 3186->3188 3187 403f18 19 API calls 3187->3207 3188->3190 3189->3190 3190->3183 3190->3184 3191 403f18 19 API calls 3192 403cd0 GetDlgItem 3191->3192 3193 403ce5 3192->3193 3194 403ced ShowWindow KiUserCallbackDispatcher 3192->3194 3193->3194 3221 403f3a KiUserCallbackDispatcher 3194->3221 3196 403d17 KiUserCallbackDispatcher 3199 403d2b 3196->3199 3197 403d30 GetSystemMenu EnableMenuItem SendMessageA 3198 403d60 SendMessageA 3197->3198 3197->3199 3198->3199 3199->3197 3222 403f4d SendMessageA 3199->3222 3223 405b66 lstrcpynA 3199->3223 3202 403d8e lstrlenA 3203 405b88 18 API calls 3202->3203 3204 403d9f SetWindowTextA 3203->3204 3205 401389 2 API calls 3204->3205 3205->3207 3206 403de3 DestroyWindow 3208 403dfd CreateDialogParamA 3206->3208 3206->3217 3207->3173 3207->3174 3207->3179 3207->3187 3207->3191 3207->3206 3207->3209 3210 403e30 3208->3210 3208->3217 3211 403f18 19 API calls 3210->3211 3212 403e3b GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3211->3212 3213 401389 2 API calls 3212->3213 3214 403e81 3213->3214 3214->3209 3215 403e89 ShowWindow 3214->3215 3216 403f64 SendMessageA 3215->3216 3216->3217 3217->3177 3217->3209 3219 401389 2 API calls 3218->3219 3220 401420 3219->3220 3220->3154 3221->3196 3222->3199 3223->3202 3864 401645 3865 4029f6 18 API calls 3864->3865 3866 40164c 3865->3866 3867 4029f6 18 API calls 3866->3867 3868 401655 3867->3868 3869 4029f6 18 API calls 3868->3869 3870 40165e MoveFileA 3869->3870 3871 401671 3870->3871 3872 40166a 3870->3872 3873 405e61 2 API calls 3871->3873 3876 402169 3871->3876 3874 401423 25 API calls 3872->3874 3875 401680 3873->3875 3874->3876 3875->3876 3877 4058b4 38 API calls 3875->3877 3877->3872 3878 401ec5 3879 4029f6 18 API calls 3878->3879 3880 401ecc GetFileVersionInfoSizeA 3879->3880 3881 401eef GlobalAlloc 3880->3881 3882 401f45 3880->3882 3881->3882 3883 401f03 GetFileVersionInfoA 3881->3883 3883->3882 3884 401f14 VerQueryValueA 3883->3884 3884->3882 3885 401f2d 3884->3885 3889 405ac4 wsprintfA 3885->3889 3887 401f39 3890 405ac4 wsprintfA 3887->3890 3889->3887 3890->3882 3251 4014ca 3252 404f04 25 API calls 3251->3252 3253 4014d1 3252->3253 3254 4025cc 3255 4025d3 3254->3255 3261 402838 3254->3261 3256 4029d9 18 API calls 3255->3256 3257 4025de 3256->3257 3258 4025e5 SetFilePointer 3257->3258 3259 4025f5 3258->3259 3258->3261 3262 405ac4 wsprintfA 3259->3262 3262->3261 3384 401f51 3385 401f63 3384->3385 3395 402012 3384->3395 3386 4029f6 18 API calls 3385->3386 3387 401f6a 3386->3387 3389 4029f6 18 API calls 3387->3389 3388 401423 25 API calls 3393 402169 3388->3393 3390 401f73 3389->3390 3391 401f88 LoadLibraryExA 3390->3391 3392 401f7b GetModuleHandleA 3390->3392 3394 401f98 GetProcAddress 3391->3394 3391->3395 3392->3391 3392->3394 3396 401fe5 3394->3396 3397 401fa8 3394->3397 3395->3388 3398 404f04 25 API calls 3396->3398 3399 401fb0 3397->3399 3400 401fc7 KiUserCallbackDispatcher 3397->3400 3401 401fb8 3398->3401 3404 401423 3399->3404 3400->3401 3401->3393 3403 402006 FreeLibrary 3401->3403 3403->3393 3405 404f04 25 API calls 3404->3405 3406 401431 3405->3406 3406->3401 3898 404853 GetDlgItem GetDlgItem 3899 4048a7 7 API calls 3898->3899 3906 404ac4 3898->3906 3900 404940 SendMessageA 3899->3900 3901 40494d DeleteObject 3899->3901 3900->3901 3902 404958 3901->3902 3904 40498f 3902->3904 3905 405b88 18 API calls 3902->3905 3903 404bae 3908 404c5d 3903->3908 3913 404ab7 3903->3913 3918 404c07 SendMessageA 3903->3918 3907 403f18 19 API calls 3904->3907 3909 404971 SendMessageA SendMessageA 3905->3909 3906->3903 3932 404b38 3906->3932 3951 4047d3 SendMessageA 3906->3951 3912 4049a3 3907->3912 3910 404c72 3908->3910 3911 404c66 SendMessageA 3908->3911 3909->3902 3920 404c84 ImageList_Destroy 3910->3920 3921 404c8b 3910->3921 3927 404c9b 3910->3927 3911->3910 3917 403f18 19 API calls 3912->3917 3914 403f7f 8 API calls 3913->3914 3919 404e4d 3914->3919 3915 404ba0 SendMessageA 3915->3903 3933 4049b1 3917->3933 3918->3913 3923 404c1c SendMessageA 3918->3923 3920->3921 3925 404c94 GlobalFree 3921->3925 3921->3927 3922 404e01 3922->3913 3928 404e13 ShowWindow GetDlgItem ShowWindow 3922->3928 3924 404c2f 3923->3924 3936 404c40 SendMessageA 3924->3936 3925->3927 3926 404a85 GetWindowLongA SetWindowLongA 3929 404a9e 3926->3929 3927->3922 3935 40140b 2 API calls 3927->3935 3942 404ccd 3927->3942 3928->3913 3930 404aa4 ShowWindow 3929->3930 3931 404abc 3929->3931 3949 403f4d SendMessageA 3930->3949 3950 403f4d SendMessageA 3931->3950 3932->3903 3932->3915 3933->3926 3934 404a00 SendMessageA 3933->3934 3937 404a7f 3933->3937 3940 404a3c SendMessageA 3933->3940 3941 404a4d SendMessageA 3933->3941 3934->3933 3935->3942 3936->3908 3937->3926 3937->3929 3940->3933 3941->3933 3944 404d11 3942->3944 3945 404cfb SendMessageA 3942->3945 3943 404dd7 InvalidateRect 3943->3922 3946 404ded 3943->3946 3944->3943 3948 404d85 SendMessageA SendMessageA 3944->3948 3945->3944 3956 4046f1 3946->3956 3948->3944 3949->3913 3950->3906 3952 404832 SendMessageA 3951->3952 3953 4047f6 GetMessagePos ScreenToClient SendMessageA 3951->3953 3954 40482a 3952->3954 3953->3954 3955 40482f 3953->3955 3954->3932 3955->3952 3957 40470b 3956->3957 3958 405b88 18 API calls 3957->3958 3959 404740 3958->3959 3960 405b88 18 API calls 3959->3960 3961 40474b 3960->3961 3962 405b88 18 API calls 3961->3962 3963 40477c lstrlenA wsprintfA SetDlgItemTextA 3962->3963 3963->3922 3964 404e54 3965 404e62 3964->3965 3966 404e79 3964->3966 3967 404e68 3965->3967 3982 404ee2 3965->3982 3968 404e87 IsWindowVisible 3966->3968 3974 404e9e 3966->3974 3969 403f64 SendMessageA 3967->3969 3971 404e94 3968->3971 3968->3982 3972 404e72 3969->3972 3970 404ee8 CallWindowProcA 3970->3972 3973 4047d3 5 API calls 3971->3973 3973->3974 3974->3970 3983 405b66 lstrcpynA 3974->3983 3976 404ecd 3984 405ac4 wsprintfA 3976->3984 3978 404ed4 3979 40140b 2 API calls 3978->3979 3980 404edb 3979->3980 3985 405b66 lstrcpynA 3980->3985 3982->3970 3983->3976 3984->3978 3985->3982 3422 4014d6 3423 4029d9 18 API calls 3422->3423 3424 4014dc Sleep 3423->3424 3426 40288b 3424->3426 3986 404356 3987 404394 3986->3987 3988 404387 3986->3988 3990 40439d GetDlgItem 3987->3990 3996 404400 3987->3996 4047 40540b GetDlgItemTextA 3988->4047 3992 4043b1 3990->3992 3991 40438e 3994 405dc8 5 API calls 3991->3994 3995 4043c5 SetWindowTextA 3992->3995 3999 4056ed 4 API calls 3992->3999 3993 4044e4 4044 404670 3993->4044 4049 40540b GetDlgItemTextA 3993->4049 3994->3987 4000 403f18 19 API calls 3995->4000 3996->3993 4001 405b88 18 API calls 3996->4001 3996->4044 3998 403f7f 8 API calls 4003 404684 3998->4003 4004 4043bb 3999->4004 4005 4043e3 4000->4005 4006 404476 SHBrowseForFolderA 4001->4006 4002 404510 4007 40573a 18 API calls 4002->4007 4004->3995 4013 405659 3 API calls 4004->4013 4008 403f18 19 API calls 4005->4008 4006->3993 4009 40448e CoTaskMemFree 4006->4009 4010 404516 4007->4010 4011 4043f1 4008->4011 4012 405659 3 API calls 4009->4012 4050 405b66 lstrcpynA 4010->4050 4048 403f4d SendMessageA 4011->4048 4015 40449b 4012->4015 4013->3995 4018 4044d2 SetDlgItemTextA 4015->4018 4022 405b88 18 API calls 4015->4022 4017 4043f9 4020 405e88 3 API calls 4017->4020 4018->3993 4019 40452d 4021 405e88 3 API calls 4019->4021 4020->3996 4029 404535 4021->4029 4023 4044ba lstrcmpiA 4022->4023 4023->4018 4026 4044cb lstrcatA 4023->4026 4024 40456f 4051 405b66 lstrcpynA 4024->4051 4026->4018 4027 404578 4028 4056ed 4 API calls 4027->4028 4030 40457e GetDiskFreeSpaceA 4028->4030 4029->4024 4033 4056a0 2 API calls 4029->4033 4034 4045c2 4029->4034 4032 4045a0 MulDiv 4030->4032 4030->4034 4032->4034 4033->4029 4035 4046f1 21 API calls 4034->4035 4045 40461f 4034->4045 4036 404611 4035->4036 4038 404621 SetDlgItemTextA 4036->4038 4039 404616 4036->4039 4037 40140b 2 API calls 4040 404642 4037->4040 4038->4045 4043 4046f1 21 API calls 4039->4043 4052 403f3a KiUserCallbackDispatcher 4040->4052 4042 40465e 4042->4044 4046 4042eb SendMessageA 4042->4046 4043->4045 4044->3998 4045->4037 4045->4040 4046->4044 4047->3991 4048->4017 4049->4002 4050->4019 4051->4027 4052->4042 4058 4018d8 4059 40190f 4058->4059 4060 4029f6 18 API calls 4059->4060 4061 401914 4060->4061 4062 40548b 68 API calls 4061->4062 4063 40191d 4062->4063 4064 4018db 4065 4029f6 18 API calls 4064->4065 4066 4018e2 4065->4066 4067 405427 MessageBoxIndirectA 4066->4067 4068 4018eb 4067->4068 3427 404060 3428 404076 3427->3428 3435 404183 3427->3435 3432 403f18 19 API calls 3428->3432 3429 4041f2 3430 4042c6 3429->3430 3431 4041fc GetDlgItem 3429->3431 3438 403f7f 8 API calls 3430->3438 3433 404212 3431->3433 3434 404284 3431->3434 3436 4040cc 3432->3436 3433->3434 3442 404238 6 API calls 3433->3442 3434->3430 3443 404296 3434->3443 3435->3429 3435->3430 3437 4041c7 GetDlgItem SendMessageA 3435->3437 3439 403f18 19 API calls 3436->3439 3458 403f3a KiUserCallbackDispatcher 3437->3458 3440 4042c1 3438->3440 3441 4040d9 CheckDlgButton 3439->3441 3456 403f3a KiUserCallbackDispatcher 3441->3456 3442->3434 3446 40429c SendMessageA 3443->3446 3447 4042ad 3443->3447 3446->3447 3447->3440 3450 4042b3 SendMessageA 3447->3450 3448 4041ed 3459 4042eb 3448->3459 3449 4040f7 GetDlgItem 3457 403f4d SendMessageA 3449->3457 3450->3440 3453 40410d SendMessageA 3454 404134 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3453->3454 3455 40412b GetSysColor 3453->3455 3454->3440 3455->3454 3456->3449 3457->3453 3458->3448 3460 4042f9 3459->3460 3461 4042fe SendMessageA 3459->3461 3460->3461 3461->3429 4069 401ae5 4070 4029f6 18 API calls 4069->4070 4071 401aec 4070->4071 4072 4029d9 18 API calls 4071->4072 4073 401af5 wsprintfA 4072->4073 4074 40288b 4073->4074 3500 402866 SendMessageA 3501 402880 InvalidateRect 3500->3501 3502 40288b 3500->3502 3501->3502 4082 4019e6 4083 4029f6 18 API calls 4082->4083 4084 4019ef ExpandEnvironmentStringsA 4083->4084 4085 401a03 4084->4085 4087 401a16 4084->4087 4086 401a08 lstrcmpA 4085->4086 4085->4087 4086->4087 4088 402267 4089 4029f6 18 API calls 4088->4089 4090 402275 4089->4090 4091 4029f6 18 API calls 4090->4091 4092 40227e 4091->4092 4093 4029f6 18 API calls 4092->4093 4094 402288 GetPrivateProfileStringA 4093->4094 4102 401c6d 4103 4029d9 18 API calls 4102->4103 4104 401c73 IsWindow 4103->4104 4105 4019d6 4104->4105 4106 40366d 4107 403678 4106->4107 4108 40367c 4107->4108 4109 40367f GlobalAlloc 4107->4109 4109->4108 4117 4014f0 SetForegroundWindow 4118 40288b 4117->4118 4119 402172 4120 4029f6 18 API calls 4119->4120 4121 402178 4120->4121 4122 4029f6 18 API calls 4121->4122 4123 402181 4122->4123 4124 4029f6 18 API calls 4123->4124 4125 40218a 4124->4125 4126 405e61 2 API calls 4125->4126 4127 402193 4126->4127 4128 4021a4 lstrlenA lstrlenA 4127->4128 4132 402197 4127->4132 4130 404f04 25 API calls 4128->4130 4129 404f04 25 API calls 4133 40219f 4129->4133 4131 4021e0 SHFileOperationA 4130->4131 4131->4132 4131->4133 4132->4129 4132->4133 4134 4021f4 4135 4021fb 4134->4135 4137 40220e 4134->4137 4136 405b88 18 API calls 4135->4136 4138 402208 4136->4138 4139 405427 MessageBoxIndirectA 4138->4139 4139->4137 4140 4016fa 4141 4029f6 18 API calls 4140->4141 4142 401701 SearchPathA 4141->4142 4143 40171c 4142->4143 4144 4025fb 4145 402602 4144->4145 4146 40288b 4144->4146 4147 402608 FindClose 4145->4147 4147->4146 3612 40267c 3613 4029f6 18 API calls 3612->3613 3615 40268a 3613->3615 3614 4026a0 3616 40581e 2 API calls 3614->3616 3615->3614 3617 4029f6 18 API calls 3615->3617 3618 4026a6 3616->3618 3617->3614 3638 40583d GetFileAttributesA CreateFileA 3618->3638 3620 4026b3 3621 40275c 3620->3621 3622 4026bf GlobalAlloc 3620->3622 3625 402764 DeleteFileA 3621->3625 3626 402777 3621->3626 3623 402753 CloseHandle 3622->3623 3624 4026d8 3622->3624 3623->3621 3639 4031f1 SetFilePointer 3624->3639 3625->3626 3628 4026de 3629 4031bf ReadFile 3628->3629 3630 4026e7 GlobalAlloc 3629->3630 3631 4026f7 3630->3631 3632 40272b WriteFile GlobalFree 3630->3632 3634 402f18 48 API calls 3631->3634 3633 402f18 48 API calls 3632->3633 3635 402750 3633->3635 3637 402704 3634->3637 3635->3623 3636 402722 GlobalFree 3636->3632 3637->3636 3638->3620 3639->3628 4148 40277d 4149 4029d9 18 API calls 4148->4149 4150 402783 4149->4150 4151 4027a7 4150->4151 4152 4027be 4150->4152 4161 40265c 4150->4161 4155 4027bb 4151->4155 4158 4027ac 4151->4158 4153 4027d4 4152->4153 4154 4027c8 4152->4154 4157 405b88 18 API calls 4153->4157 4156 4029d9 18 API calls 4154->4156 4163 405ac4 wsprintfA 4155->4163 4156->4161 4157->4161 4162 405b66 lstrcpynA 4158->4162 4162->4161 4163->4161 4164 40647d 4168 405fb5 4164->4168 4165 406920 4166 406036 GlobalFree 4167 40603f GlobalAlloc 4166->4167 4167->4165 4167->4168 4168->4165 4168->4166 4168->4167 4168->4168 4169 4060b6 GlobalAlloc 4168->4169 4170 4060ad GlobalFree 4168->4170 4169->4165 4169->4168 4170->4169 4171 4014fe 4172 401506 4171->4172 4174 401519 4171->4174 4173 4029d9 18 API calls 4172->4173 4173->4174 4175 401000 4176 401037 BeginPaint GetClientRect 4175->4176 4177 40100c DefWindowProcA 4175->4177 4179 4010f3 4176->4179 4182 401179 4177->4182 4180 401073 CreateBrushIndirect FillRect DeleteObject 4179->4180 4181 4010fc 4179->4181 4180->4179 4183 401102 CreateFontIndirectA 4181->4183 4184 401167 EndPaint 4181->4184 4183->4184 4185 401112 6 API calls 4183->4185 4184->4182 4185->4184 3070 402303 3071 402309 3070->3071 3072 4029f6 18 API calls 3071->3072 3073 40231b 3072->3073 3074 4029f6 18 API calls 3073->3074 3075 402325 RegCreateKeyExA 3074->3075 3076 40288b 3075->3076 3077 40234f 3075->3077 3078 402367 3077->3078 3079 4029f6 18 API calls 3077->3079 3080 402373 3078->3080 3087 4029d9 3078->3087 3081 402360 lstrlenA 3079->3081 3083 40238e RegSetValueExA 3080->3083 3090 402f18 3080->3090 3081->3078 3085 4023a4 RegCloseKey 3083->3085 3085->3076 3088 405b88 18 API calls 3087->3088 3089 4029ed 3088->3089 3089->3080 3091 402f45 3090->3091 3092 402f29 SetFilePointer 3090->3092 3105 403043 GetTickCount 3091->3105 3092->3091 3095 402f56 ReadFile 3096 402f76 3095->3096 3101 403002 3095->3101 3097 403043 43 API calls 3096->3097 3096->3101 3098 402f8d 3097->3098 3099 403008 ReadFile 3098->3099 3098->3101 3102 402f9d 3098->3102 3099->3101 3101->3083 3102->3101 3103 402fb8 ReadFile 3102->3103 3104 402fd1 WriteFile 3102->3104 3103->3101 3103->3102 3104->3101 3104->3102 3106 403072 3105->3106 3107 4031ad 3105->3107 3118 4031f1 SetFilePointer 3106->3118 3108 402bd3 33 API calls 3107->3108 3114 402f4e 3108->3114 3110 40307d SetFilePointer 3116 4030a2 3110->3116 3114->3095 3114->3101 3115 403137 WriteFile 3115->3114 3115->3116 3116->3114 3116->3115 3117 40318e SetFilePointer 3116->3117 3119 4031bf ReadFile 3116->3119 3121 405f82 3116->3121 3128 402bd3 3116->3128 3117->3107 3118->3110 3120 4031e0 3119->3120 3120->3116 3122 405fa7 3121->3122 3123 405faf 3121->3123 3122->3116 3123->3122 3124 406036 GlobalFree 3123->3124 3125 40603f GlobalAlloc 3123->3125 3126 4060b6 GlobalAlloc 3123->3126 3127 4060ad GlobalFree 3123->3127 3124->3125 3125->3122 3125->3123 3126->3122 3126->3123 3127->3126 3129 402be1 3128->3129 3130 402bf9 3128->3130 3133 402bea DestroyWindow 3129->3133 3136 402bf1 3129->3136 3131 402c01 3130->3131 3132 402c09 GetTickCount 3130->3132 3143 405ec1 3131->3143 3135 402c17 3132->3135 3132->3136 3133->3136 3137 402c4c CreateDialogParamA ShowWindow 3135->3137 3138 402c1f 3135->3138 3136->3116 3137->3136 3138->3136 3147 402bb7 3138->3147 3140 402c2d wsprintfA 3141 404f04 25 API calls 3140->3141 3142 402c4a 3141->3142 3142->3136 3144 405ede PeekMessageA 3143->3144 3145 405ed4 DispatchMessageA 3144->3145 3146 405eee 3144->3146 3145->3144 3146->3136 3148 402bc6 3147->3148 3149 402bc8 MulDiv 3147->3149 3148->3149 3149->3140 4186 402803 4187 4029d9 18 API calls 4186->4187 4188 402809 4187->4188 4189 40283a 4188->4189 4191 40265c 4188->4191 4192 402817 4188->4192 4190 405b88 18 API calls 4189->4190 4189->4191 4190->4191 4192->4191 4194 405ac4 wsprintfA 4192->4194 4194->4191 3224 401b06 3225 401b13 3224->3225 3226 401b57 3224->3226 3227 4021fb 3225->3227 3234 401b2a 3225->3234 3228 401b80 GlobalAlloc 3226->3228 3229 401b5b 3226->3229 3231 405b88 18 API calls 3227->3231 3230 405b88 18 API calls 3228->3230 3232 401b9b 3229->3232 3245 405b66 lstrcpynA 3229->3245 3230->3232 3233 402208 3231->3233 3246 405427 3233->3246 3243 405b66 lstrcpynA 3234->3243 3236 401b6d GlobalFree 3236->3232 3239 401b39 3244 405b66 lstrcpynA 3239->3244 3241 401b48 3250 405b66 lstrcpynA 3241->3250 3243->3239 3244->3241 3245->3236 3249 40543c 3246->3249 3247 405488 3247->3232 3248 405450 MessageBoxIndirectA 3248->3247 3249->3247 3249->3248 3250->3232 4195 402506 4196 4029d9 18 API calls 4195->4196 4199 402510 4196->4199 4197 402586 4198 402544 ReadFile 4198->4197 4198->4199 4199->4197 4199->4198 4200 402588 4199->4200 4201 402598 4199->4201 4204 405ac4 wsprintfA 4200->4204 4201->4197 4203 4025ae SetFilePointer 4201->4203 4203->4197 4204->4197 4205 401c8a 4206 4029d9 18 API calls 4205->4206 4207 401c91 4206->4207 4208 4029d9 18 API calls 4207->4208 4209 401c99 GetDlgItem 4208->4209 4210 4024b8 4209->4210 4211 40468b 4212 4046b7 4211->4212 4213 40469b 4211->4213 4215 4046ea 4212->4215 4216 4046bd SHGetPathFromIDListA 4212->4216 4222 40540b GetDlgItemTextA 4213->4222 4218 4046d4 SendMessageA 4216->4218 4219 4046cd 4216->4219 4217 4046a8 SendMessageA 4217->4212 4218->4215 4221 40140b 2 API calls 4219->4221 4221->4218 4222->4217 3263 40190d 3264 40190f 3263->3264 3265 4029f6 18 API calls 3264->3265 3266 401914 3265->3266 3269 40548b 3266->3269 3310 40573a 3269->3310 3272 4054a8 DeleteFileA 3274 40191d 3272->3274 3273 4054bf 3275 4055f4 3273->3275 3324 405b66 lstrcpynA 3273->3324 3275->3274 3329 405e61 FindFirstFileA 3275->3329 3277 4054e9 3278 4054fa 3277->3278 3279 4054ed lstrcatA 3277->3279 3335 4056a0 lstrlenA 3278->3335 3281 405500 3279->3281 3283 40550e lstrcatA 3281->3283 3285 405519 lstrlenA FindFirstFileA 3281->3285 3283->3285 3285->3275 3295 40553d 3285->3295 3287 405684 CharNextA 3287->3295 3289 40581e 2 API calls 3290 405629 RemoveDirectoryA 3289->3290 3291 405634 3290->3291 3292 40564b 3290->3292 3291->3274 3297 40563a 3291->3297 3293 404f04 25 API calls 3292->3293 3293->3274 3294 4055d3 FindNextFileA 3294->3295 3298 4055eb FindClose 3294->3298 3295->3287 3295->3294 3303 40548b 59 API calls 3295->3303 3306 404f04 25 API calls 3295->3306 3309 4055b1 3295->3309 3325 405b66 lstrcpynA 3295->3325 3326 40581e GetFileAttributesA 3295->3326 3299 404f04 25 API calls 3297->3299 3298->3275 3300 405642 3299->3300 3301 4058b4 38 API calls 3300->3301 3304 405649 3301->3304 3303->3295 3304->3274 3306->3294 3307 404f04 25 API calls 3307->3309 3309->3294 3309->3307 3339 4058b4 3309->3339 3365 405b66 lstrcpynA 3310->3365 3312 40574b 3366 4056ed CharNextA CharNextA 3312->3366 3315 40549f 3315->3272 3315->3273 3316 405dc8 5 API calls 3322 405761 3316->3322 3317 40578c lstrlenA 3318 405797 3317->3318 3317->3322 3320 405659 3 API calls 3318->3320 3319 405e61 2 API calls 3319->3322 3321 40579c GetFileAttributesA 3320->3321 3321->3315 3322->3315 3322->3317 3322->3319 3323 4056a0 2 API calls 3322->3323 3323->3317 3324->3277 3325->3295 3327 4055a0 DeleteFileA 3326->3327 3328 40582d SetFileAttributesA 3326->3328 3327->3295 3328->3327 3330 405619 3329->3330 3331 405e77 FindClose 3329->3331 3330->3274 3332 405659 lstrlenA CharPrevA 3330->3332 3331->3330 3333 405673 lstrcatA 3332->3333 3334 405623 3332->3334 3333->3334 3334->3289 3336 4056ad 3335->3336 3337 4056b2 CharPrevA 3336->3337 3338 4056be 3336->3338 3337->3336 3337->3338 3338->3281 3372 405e88 GetModuleHandleA 3339->3372 3342 40591c GetShortPathNameA 3343 405931 3342->3343 3347 405a11 3342->3347 3346 405939 wsprintfA 3343->3346 3343->3347 3345 405900 CloseHandle GetShortPathNameA 3345->3347 3348 405914 3345->3348 3349 405b88 18 API calls 3346->3349 3347->3309 3348->3342 3348->3347 3350 405961 3349->3350 3377 40583d GetFileAttributesA CreateFileA 3350->3377 3352 40596e 3352->3347 3353 40597d GetFileSize GlobalAlloc 3352->3353 3354 405a0a CloseHandle 3353->3354 3355 40599b ReadFile 3353->3355 3354->3347 3355->3354 3356 4059af 3355->3356 3356->3354 3378 4057b2 lstrlenA 3356->3378 3359 4059c4 3383 405b66 lstrcpynA 3359->3383 3360 405a1e 3362 4057b2 4 API calls 3360->3362 3363 4059d2 3362->3363 3364 4059e5 SetFilePointer WriteFile GlobalFree 3363->3364 3364->3354 3365->3312 3367 405707 3366->3367 3371 405713 3366->3371 3368 40570e CharNextA 3367->3368 3367->3371 3369 405730 3368->3369 3369->3315 3369->3316 3370 405684 CharNextA 3370->3371 3371->3369 3371->3370 3373 405ea4 LoadLibraryA 3372->3373 3374 405eaf GetProcAddress 3372->3374 3373->3374 3375 4058bf 3373->3375 3374->3375 3375->3342 3375->3347 3376 40583d GetFileAttributesA CreateFileA 3375->3376 3376->3345 3377->3352 3379 4057e8 lstrlenA 3378->3379 3380 4057f2 3379->3380 3381 4057c6 lstrcmpiA 3379->3381 3380->3359 3380->3360 3381->3380 3382 4057df CharNextA 3381->3382 3382->3379 3383->3363 4223 40430f 4224 404345 4223->4224 4225 40431f 4223->4225 4226 403f7f 8 API calls 4224->4226 4227 403f18 19 API calls 4225->4227 4228 404351 4226->4228 4229 40432c SetDlgItemTextA 4227->4229 4229->4224 4230 401490 4231 404f04 25 API calls 4230->4231 4232 401497 4231->4232 3407 402615 3408 402618 3407->3408 3409 402630 3407->3409 3410 402625 FindNextFileA 3408->3410 3410->3409 3411 40266f 3410->3411 3413 405b66 lstrcpynA 3411->3413 3413->3409 3414 401d95 3415 4029d9 18 API calls 3414->3415 3416 401d9b 3415->3416 3417 4029d9 18 API calls 3416->3417 3418 401da4 3417->3418 3419 401db6 EnableWindow 3418->3419 3420 401dab ShowWindow 3418->3420 3421 40288b 3419->3421 3420->3421 4240 401595 4241 4029f6 18 API calls 4240->4241 4242 40159c SetFileAttributesA 4241->4242 4243 4015ae 4242->4243 4244 401e95 4245 4029f6 18 API calls 4244->4245 4246 401e9c 4245->4246 4247 405e61 2 API calls 4246->4247 4248 401ea2 4247->4248 4250 401eb4 4248->4250 4251 405ac4 wsprintfA 4248->4251 4251->4250 4252 401696 4253 4029f6 18 API calls 4252->4253 4254 40169c GetFullPathNameA 4253->4254 4255 4016b3 4254->4255 4256 4016d4 4254->4256 4255->4256 4259 405e61 2 API calls 4255->4259 4257 4016e8 GetShortPathNameA 4256->4257 4258 40288b 4256->4258 4257->4258 4260 4016c4 4259->4260 4260->4256 4262 405b66 lstrcpynA 4260->4262 4262->4256 4263 401d1b GetDC GetDeviceCaps 4264 4029d9 18 API calls 4263->4264 4265 401d37 MulDiv 4264->4265 4266 4029d9 18 API calls 4265->4266 4267 401d4c 4266->4267 4268 405b88 18 API calls 4267->4268 4269 401d85 CreateFontIndirectA 4268->4269 4270 4024b8 4269->4270 4271 401e1b 4272 4029f6 18 API calls 4271->4272 4273 401e21 4272->4273 4274 404f04 25 API calls 4273->4274 4275 401e2b 4274->4275 4276 4053c6 2 API calls 4275->4276 4280 401e31 4276->4280 4277 401e87 CloseHandle 4279 40265c 4277->4279 4278 401e50 WaitForSingleObject 4278->4280 4281 401e5e GetExitCodeProcess 4278->4281 4280->4277 4280->4278 4280->4279 4284 405ec1 2 API calls 4280->4284 4282 401e70 4281->4282 4283 401e79 4281->4283 4286 405ac4 wsprintfA 4282->4286 4283->4277 4284->4278 4286->4283 4287 40249c 4288 4029f6 18 API calls 4287->4288 4289 4024a3 4288->4289 4292 40583d GetFileAttributesA CreateFileA 4289->4292 4291 4024af 4292->4291 3462 402020 3463 4029f6 18 API calls 3462->3463 3464 402027 3463->3464 3465 4029f6 18 API calls 3464->3465 3466 402031 3465->3466 3467 4029f6 18 API calls 3466->3467 3468 40203a 3467->3468 3469 4029f6 18 API calls 3468->3469 3470 402044 3469->3470 3471 4029f6 18 API calls 3470->3471 3473 40204e 3471->3473 3472 402062 CoCreateInstance 3475 402081 3472->3475 3476 402137 3472->3476 3473->3472 3474 4029f6 18 API calls 3473->3474 3474->3472 3475->3476 3479 402116 MultiByteToWideChar 3475->3479 3477 401423 25 API calls 3476->3477 3478 402169 3476->3478 3477->3478 3479->3476 3480 401721 3481 4029f6 18 API calls 3480->3481 3482 401728 3481->3482 3486 40586c 3482->3486 3484 40172f 3485 40586c 2 API calls 3484->3485 3485->3484 3487 405877 GetTickCount GetTempFileNameA 3486->3487 3488 4058a7 3487->3488 3489 4058a3 3487->3489 3488->3484 3489->3487 3489->3488 4293 401922 4294 4029f6 18 API calls 4293->4294 4295 401929 lstrlenA 4294->4295 4296 4024b8 4295->4296 3490 402223 3491 40222b 3490->3491 3493 402231 3490->3493 3492 4029f6 18 API calls 3491->3492 3492->3493 3494 4029f6 18 API calls 3493->3494 3497 402241 3493->3497 3494->3497 3495 4029f6 18 API calls 3498 40224f 3495->3498 3496 4029f6 18 API calls 3499 402258 WritePrivateProfileStringA 3496->3499 3497->3495 3497->3498 3498->3496 4304 401ca5 4305 4029d9 18 API calls 4304->4305 4306 401cb5 SetWindowLongA 4305->4306 4307 40288b 4306->4307 4308 401a26 4309 4029d9 18 API calls 4308->4309 4310 401a2c 4309->4310 4311 4029d9 18 API calls 4310->4311 4312 4019d6 4311->4312 3503 4022a7 3504 4022d7 3503->3504 3505 4022ac 3503->3505 3506 4029f6 18 API calls 3504->3506 3526 402b00 3505->3526 3508 4022de 3506->3508 3515 402a36 RegOpenKeyExA 3508->3515 3509 4022b3 3510 4022bd 3509->3510 3514 4022f4 3509->3514 3511 4029f6 18 API calls 3510->3511 3512 4022c4 RegDeleteValueA RegCloseKey 3511->3512 3512->3514 3516 402aca 3515->3516 3519 402a61 3515->3519 3516->3514 3517 402a87 RegEnumKeyA 3518 402a99 RegCloseKey 3517->3518 3517->3519 3521 405e88 3 API calls 3518->3521 3519->3517 3519->3518 3520 402abe RegCloseKey 3519->3520 3522 402a36 3 API calls 3519->3522 3524 402aad 3520->3524 3523 402aa9 3521->3523 3522->3519 3523->3524 3525 402ad9 RegDeleteKeyA 3523->3525 3524->3516 3525->3524 3527 4029f6 18 API calls 3526->3527 3528 402b19 3527->3528 3529 402b27 RegOpenKeyExA 3528->3529 3529->3509 4313 402427 4314 402b00 19 API calls 4313->4314 4315 402431 4314->4315 4316 4029d9 18 API calls 4315->4316 4317 40243a 4316->4317 4318 402451 RegEnumKeyA 4317->4318 4319 40245d RegEnumValueA 4317->4319 4321 40265c 4317->4321 4320 402476 RegCloseKey 4318->4320 4319->4320 4319->4321 4320->4321 4323 40402c lstrcpynA lstrlenA 3530 401bad 3531 4029d9 18 API calls 3530->3531 3532 401bb4 3531->3532 3533 4029d9 18 API calls 3532->3533 3534 401bbe 3533->3534 3535 401bce 3534->3535 3536 4029f6 18 API calls 3534->3536 3537 401bde 3535->3537 3538 4029f6 18 API calls 3535->3538 3536->3535 3539 401be9 3537->3539 3540 401c2d 3537->3540 3538->3537 3541 4029d9 18 API calls 3539->3541 3542 4029f6 18 API calls 3540->3542 3544 401bee 3541->3544 3543 401c32 3542->3543 3545 4029f6 18 API calls 3543->3545 3546 4029d9 18 API calls 3544->3546 3547 401c3b FindWindowExA 3545->3547 3548 401bf7 3546->3548 3551 401c59 3547->3551 3549 401c1d SendMessageA 3548->3549 3550 401bff SendMessageTimeoutA 3548->3550 3549->3551 3550->3551 4324 4023af 4325 402b00 19 API calls 4324->4325 4326 4023b9 4325->4326 4327 4029f6 18 API calls 4326->4327 4328 4023c2 4327->4328 4329 4023cc RegQueryValueExA 4328->4329 4332 40265c 4328->4332 4330 4023f2 RegCloseKey 4329->4330 4331 4023ec 4329->4331 4330->4332 4331->4330 4335 405ac4 wsprintfA 4331->4335 4335->4330 4336 406131 4337 405fb5 4336->4337 4338 406920 4337->4338 4339 406036 GlobalFree 4337->4339 4340 40603f GlobalAlloc 4337->4340 4341 4060b6 GlobalAlloc 4337->4341 4342 4060ad GlobalFree 4337->4342 4339->4340 4340->4337 4340->4338 4341->4337 4341->4338 4342->4341 3552 4015b3 3553 4029f6 18 API calls 3552->3553 3554 4015ba 3553->3554 3555 4056ed 4 API calls 3554->3555 3567 4015c2 3555->3567 3556 40160a 3557 40162d 3556->3557 3558 40160f 3556->3558 3564 401423 25 API calls 3557->3564 3560 401423 25 API calls 3558->3560 3559 405684 CharNextA 3561 4015d0 CreateDirectoryA 3559->3561 3562 401616 3560->3562 3563 4015e5 GetLastError 3561->3563 3561->3567 3570 405b66 lstrcpynA 3562->3570 3566 4015f2 GetFileAttributesA 3563->3566 3563->3567 3569 402169 3564->3569 3566->3567 3567->3556 3567->3559 3568 401621 SetCurrentDirectoryA 3568->3569 3570->3568 3571 401734 3572 4029f6 18 API calls 3571->3572 3573 40173b 3572->3573 3574 401761 3573->3574 3575 401759 3573->3575 3611 405b66 lstrcpynA 3574->3611 3610 405b66 lstrcpynA 3575->3610 3578 40176c 3580 405659 3 API calls 3578->3580 3579 40175f 3582 405dc8 5 API calls 3579->3582 3581 401772 lstrcatA 3580->3581 3581->3579 3588 40177e 3582->3588 3583 405e61 2 API calls 3583->3588 3585 40581e 2 API calls 3585->3588 3586 401795 CompareFileTime 3586->3588 3587 401859 3589 404f04 25 API calls 3587->3589 3588->3583 3588->3585 3588->3586 3588->3587 3591 405b66 lstrcpynA 3588->3591 3597 405b88 18 API calls 3588->3597 3606 405427 MessageBoxIndirectA 3588->3606 3608 401830 3588->3608 3609 40583d GetFileAttributesA CreateFileA 3588->3609 3592 401863 3589->3592 3590 404f04 25 API calls 3596 401845 3590->3596 3591->3588 3593 402f18 48 API calls 3592->3593 3594 401876 3593->3594 3595 40188a SetFileTime 3594->3595 3598 40189c FindCloseChangeNotification 3594->3598 3595->3598 3597->3588 3598->3596 3599 4018ad 3598->3599 3600 4018b2 3599->3600 3601 4018c5 3599->3601 3602 405b88 18 API calls 3600->3602 3603 405b88 18 API calls 3601->3603 3604 4018ba lstrcatA 3602->3604 3605 4018cd 3603->3605 3604->3605 3607 405427 MessageBoxIndirectA 3605->3607 3606->3588 3607->3596 3608->3590 3608->3596 3609->3588 3610->3579 3611->3578 4343 401634 4344 4029f6 18 API calls 4343->4344 4345 40163a 4344->4345 4346 405e61 2 API calls 4345->4346 4347 401640 4346->4347 4348 401934 4349 4029d9 18 API calls 4348->4349 4350 40193b 4349->4350 4351 4029d9 18 API calls 4350->4351 4352 401945 4351->4352 4353 4029f6 18 API calls 4352->4353 4354 40194e 4353->4354 4355 401961 lstrlenA 4354->4355 4356 40199c 4354->4356 4357 40196b 4355->4357 4357->4356 4361 405b66 lstrcpynA 4357->4361 4359 401985 4359->4356 4360 401992 lstrlenA 4359->4360 4360->4356 4361->4359 4362 4019b5 4363 4029f6 18 API calls 4362->4363 4364 4019bc 4363->4364 4365 4029f6 18 API calls 4364->4365 4366 4019c5 4365->4366 4367 4019cc lstrcmpiA 4366->4367 4368 4019de lstrcmpA 4366->4368 4369 4019d2 4367->4369 4368->4369 4370 4014b7 4371 4014bd 4370->4371 4372 401389 2 API calls 4371->4372 4373 4014c5 4372->4373 4381 402b3b 4382 402b63 4381->4382 4383 402b4a SetTimer 4381->4383 4384 402bb1 4382->4384 4385 402bb7 MulDiv 4382->4385 4383->4382 4386 402b71 wsprintfA SetWindowTextA SetDlgItemTextA 4385->4386 4386->4384 3640 40323c #17 SetErrorMode OleInitialize 3641 405e88 3 API calls 3640->3641 3642 40327f SHGetFileInfoA 3641->3642 3710 405b66 lstrcpynA 3642->3710 3644 4032aa GetCommandLineA 3711 405b66 lstrcpynA 3644->3711 3646 4032bc GetModuleHandleA 3647 4032d3 3646->3647 3648 405684 CharNextA 3647->3648 3649 4032e7 CharNextA 3648->3649 3660 4032f4 3649->3660 3650 40335d 3651 403370 GetTempPathA 3650->3651 3712 403208 3651->3712 3653 403386 3654 4033aa DeleteFileA 3653->3654 3655 40338a GetWindowsDirectoryA lstrcatA 3653->3655 3720 402c72 GetTickCount GetModuleFileNameA 3654->3720 3657 403208 11 API calls 3655->3657 3656 405684 CharNextA 3656->3660 3659 4033a6 3657->3659 3659->3654 3663 403428 ExitProcess OleUninitialize 3659->3663 3660->3650 3660->3656 3661 40335f 3660->3661 3804 405b66 lstrcpynA 3661->3804 3662 4033bb 3662->3663 3665 403414 3662->3665 3670 405684 CharNextA 3662->3670 3666 403522 3663->3666 3667 40343d 3663->3667 3750 4036af 3665->3750 3668 4035a5 ExitProcess 3666->3668 3672 405e88 3 API calls 3666->3672 3671 405427 MessageBoxIndirectA 3667->3671 3675 4033d2 3670->3675 3676 40344b ExitProcess 3671->3676 3677 403531 3672->3677 3673 403424 3673->3663 3680 403453 lstrcatA lstrcmpiA 3675->3680 3681 4033ef 3675->3681 3678 405e88 3 API calls 3677->3678 3679 40353a 3678->3679 3682 405e88 3 API calls 3679->3682 3680->3663 3683 40346f CreateDirectoryA SetCurrentDirectoryA 3680->3683 3684 40573a 18 API calls 3681->3684 3686 403543 3682->3686 3687 403491 3683->3687 3688 403486 3683->3688 3685 4033fa 3684->3685 3685->3663 3805 405b66 lstrcpynA 3685->3805 3691 403591 ExitWindowsEx 3686->3691 3696 403551 GetCurrentProcess 3686->3696 3808 405b66 lstrcpynA 3687->3808 3807 405b66 lstrcpynA 3688->3807 3691->3668 3693 40359e 3691->3693 3695 40140b 2 API calls 3693->3695 3694 403409 3806 405b66 lstrcpynA 3694->3806 3695->3668 3699 403561 3696->3699 3698 405b88 18 API calls 3700 4034c1 DeleteFileA 3698->3700 3699->3691 3701 4034ce CopyFileA 3700->3701 3707 40349f 3700->3707 3701->3707 3702 403516 3703 4058b4 38 API calls 3702->3703 3705 40351d 3703->3705 3704 4058b4 38 API calls 3704->3707 3705->3663 3706 405b88 18 API calls 3706->3707 3707->3698 3707->3702 3707->3704 3707->3706 3709 403502 CloseHandle 3707->3709 3809 4053c6 CreateProcessA 3707->3809 3709->3707 3710->3644 3711->3646 3713 405dc8 5 API calls 3712->3713 3714 403214 3713->3714 3715 40321e 3714->3715 3716 405659 3 API calls 3714->3716 3715->3653 3717 403226 CreateDirectoryA 3716->3717 3718 40586c 2 API calls 3717->3718 3719 40323a 3718->3719 3719->3653 3812 40583d GetFileAttributesA CreateFileA 3720->3812 3722 402cb5 3749 402cc2 3722->3749 3813 405b66 lstrcpynA 3722->3813 3724 402cd8 3725 4056a0 2 API calls 3724->3725 3726 402cde 3725->3726 3814 405b66 lstrcpynA 3726->3814 3728 402ce9 GetFileSize 3729 402dea 3728->3729 3739 402d00 3728->3739 3730 402bd3 33 API calls 3729->3730 3732 402df1 3730->3732 3731 4031bf ReadFile 3731->3739 3734 402e2d GlobalAlloc 3732->3734 3732->3749 3815 4031f1 SetFilePointer 3732->3815 3733 402e85 3737 402bd3 33 API calls 3733->3737 3736 402e44 3734->3736 3742 40586c 2 API calls 3736->3742 3737->3749 3738 402e0e 3740 4031bf ReadFile 3738->3740 3739->3729 3739->3731 3739->3733 3741 402bd3 33 API calls 3739->3741 3739->3749 3743 402e19 3740->3743 3741->3739 3744 402e55 CreateFileA 3742->3744 3743->3734 3743->3749 3745 402e8f 3744->3745 3744->3749 3816 4031f1 SetFilePointer 3745->3816 3747 402e9d 3748 402f18 48 API calls 3747->3748 3748->3749 3749->3662 3751 405e88 3 API calls 3750->3751 3752 4036c3 3751->3752 3753 4036c9 3752->3753 3754 4036db 3752->3754 3826 405ac4 wsprintfA 3753->3826 3755 405a4d 3 API calls 3754->3755 3756 4036fc 3755->3756 3757 40371a lstrcatA 3756->3757 3759 405a4d 3 API calls 3756->3759 3760 4036d9 3757->3760 3759->3757 3817 403978 3760->3817 3763 40573a 18 API calls 3764 40374c 3763->3764 3765 4037d5 3764->3765 3767 405a4d 3 API calls 3764->3767 3766 40573a 18 API calls 3765->3766 3768 4037db 3766->3768 3769 403778 3767->3769 3770 4037eb LoadImageA 3768->3770 3771 405b88 18 API calls 3768->3771 3769->3765 3776 403794 lstrlenA 3769->3776 3777 405684 CharNextA 3769->3777 3772 403816 RegisterClassA 3770->3772 3773 40389f 3770->3773 3771->3770 3774 403852 SystemParametersInfoA CreateWindowExA 3772->3774 3801 4038a9 3772->3801 3775 40140b 2 API calls 3773->3775 3774->3773 3780 4038a5 3775->3780 3778 4037a2 lstrcmpiA 3776->3778 3779 4037c8 3776->3779 3781 403792 3777->3781 3778->3779 3782 4037b2 GetFileAttributesA 3778->3782 3783 405659 3 API calls 3779->3783 3785 403978 19 API calls 3780->3785 3780->3801 3781->3776 3784 4037be 3782->3784 3786 4037ce 3783->3786 3784->3779 3787 4056a0 2 API calls 3784->3787 3788 4038b6 3785->3788 3827 405b66 lstrcpynA 3786->3827 3787->3779 3790 4038c2 ShowWindow LoadLibraryA 3788->3790 3791 403945 3788->3791 3793 4038e1 LoadLibraryA 3790->3793 3794 4038e8 GetClassInfoA 3790->3794 3792 404fd6 5 API calls 3791->3792 3795 40394b 3792->3795 3793->3794 3796 403912 DialogBoxParamA 3794->3796 3797 4038fc GetClassInfoA RegisterClassA 3794->3797 3799 403967 3795->3799 3800 40394f 3795->3800 3798 40140b 2 API calls 3796->3798 3797->3796 3798->3801 3802 40140b 2 API calls 3799->3802 3800->3801 3803 40140b 2 API calls 3800->3803 3801->3673 3802->3801 3803->3801 3804->3651 3805->3694 3806->3665 3807->3687 3808->3707 3810 405401 3809->3810 3811 4053f5 CloseHandle 3809->3811 3810->3707 3811->3810 3812->3722 3813->3724 3814->3728 3815->3738 3816->3747 3818 40398c 3817->3818 3828 405ac4 wsprintfA 3818->3828 3820 4039fd 3821 405b88 18 API calls 3820->3821 3822 403a09 SetWindowTextA 3821->3822 3823 40372a 3822->3823 3824 403a25 3822->3824 3823->3763 3824->3823 3825 405b88 18 API calls 3824->3825 3825->3824 3826->3760 3827->3765 3828->3820 3829 4035bd 3830 4035d8 3829->3830 3831 4035ce CloseHandle 3829->3831 3832 4035e2 CloseHandle 3830->3832 3833 4035ec 3830->3833 3831->3830 3832->3833 3838 40361a 3833->3838 3836 40548b 68 API calls 3837 4035fd 3836->3837 3839 403628 3838->3839 3840 4035f1 3839->3840 3841 40362d FreeLibrary GlobalFree 3839->3841 3840->3836 3841->3840 3841->3841 3842 40263e 3843 4029f6 18 API calls 3842->3843 3844 402645 FindFirstFileA 3843->3844 3845 402668 3844->3845 3846 402658 3844->3846 3848 40266f 3845->3848 3850 405ac4 wsprintfA 3845->3850 3851 405b66 lstrcpynA 3848->3851 3850->3848 3851->3846 4388 4024be 4389 4024c3 4388->4389 4390 4024d4 4388->4390 4391 4029d9 18 API calls 4389->4391 4392 4029f6 18 API calls 4390->4392 4394 4024ca 4391->4394 4393 4024db lstrlenA 4392->4393 4393->4394 4395 4024fa WriteFile 4394->4395 4396 40265c 4394->4396 4395->4396

                                    Executed Functions

                                    Function 0040323C, Relevance: 73.8, APIs: 24, Strings: 18, Instructions: 270filestringcomCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 40323c-4032d1 #17 SetErrorMode OleInitialize call 405e88 SHGetFileInfoA call 405b66 GetCommandLineA call 405b66 GetModuleHandleA 7 4032d3-4032d8 0->7 8 4032dd-4032f2 call 405684 CharNextA 0->8 7->8 11 403357-40335b 8->11 12 4032f4-4032f7 11->12 13 40335d 11->13 14 4032f9-4032fd 12->14 15 4032ff-403307 12->15 16 403370-403388 GetTempPathA call 403208 13->16 14->14 14->15 17 403309-40330a 15->17 18 40330f-403312 15->18 23 4033aa-4033c1 DeleteFileA call 402c72 16->23 24 40338a-4033a8 GetWindowsDirectoryA lstrcatA call 403208 16->24 17->18 20 403314-403318 18->20 21 403347-403354 call 405684 18->21 26 403328-40332e 20->26 27 40331a-403323 20->27 21->11 38 403356 21->38 39 403428-403437 ExitProcess OleUninitialize 23->39 40 4033c3-4033c9 23->40 24->23 24->39 30 403330-403339 26->30 31 40333e-403345 26->31 27->26 28 403325 27->28 28->26 30->31 35 40333b 30->35 31->21 36 40335f-40336b call 405b66 31->36 35->31 36->16 38->11 44 403522-403528 39->44 45 40343d-40344d call 405427 ExitProcess 39->45 42 403418-40341f call 4036af 40->42 43 4033cb-4033d4 call 405684 40->43 52 403424 42->52 58 4033df-4033e1 43->58 46 4035a5-4035ad 44->46 47 40352a-403547 call 405e88 * 3 44->47 53 4035b3-4035b7 ExitProcess 46->53 54 4035af 46->54 76 403591-40359c ExitWindowsEx 47->76 77 403549-40354b 47->77 52->39 54->53 60 4033e3-4033ed 58->60 61 4033d6-4033dc 58->61 64 403453-40346d lstrcatA lstrcmpiA 60->64 65 4033ef-4033fc call 40573a 60->65 61->60 63 4033de 61->63 63->58 64->39 67 40346f-403484 CreateDirectoryA SetCurrentDirectoryA 64->67 65->39 74 4033fe-403414 call 405b66 * 2 65->74 71 403491-4034ab call 405b66 67->71 72 403486-40348c call 405b66 67->72 83 4034b0-4034cc call 405b88 DeleteFileA 71->83 72->71 74->42 76->46 80 40359e-4035a0 call 40140b 76->80 77->76 81 40354d-40354f 77->81 80->46 81->76 85 403551-403563 GetCurrentProcess 81->85 92 40350d-403514 83->92 93 4034ce-4034de CopyFileA 83->93 85->76 91 403565-403587 85->91 91->76 92->83 94 403516-40351d call 4058b4 92->94 93->92 95 4034e0-403500 call 4058b4 call 405b88 call 4053c6 93->95 94->39 95->92 105 403502-403509 CloseHandle 95->105 105->92
                                    C-Code - Quality: 81%
                                    			_entry_() {
				struct _SHFILEINFOA _v360;
				struct _SECURITY_ATTRIBUTES* _v376;
				char _v380;
				CHAR* _v384;
				char _v392;
				int _v396;
				int _v400;
				signed int _v404;
				CHAR* _v408;
				int _v412;
				struct _SECURITY_ATTRIBUTES* _v416;
				struct _SECURITY_ATTRIBUTES* _v424;
				void* _v432;
				int _t34;
				CHAR* _t39;
				char* _t42;
				signed int _t44;
				void* _t48;
				int _t50;
				signed int _t51;
				signed int _t54;
				int _t55;
				signed int _t59;
				intOrPtr _t70;
				intOrPtr _t76;
				void* _t78;
				void* _t88;
				void* _t90;
				char* _t95;
				signed int _t96;
				void* _t97;
				signed int _t98;
				signed int _t99;
				signed int _t102;
				CHAR* _t104;
				signed int _t105;
				intOrPtr _t112;
				char _t119;

				_v376 = 0;
				_v384 = "Error writing temporary file. Make sure your temp folder is valid.";
				_t98 = 0;
				_v380 = 0x20;
				__imp__#17();
				_t34 = SetErrorMode(0x8001); // executed
				__imp__OleInitialize(0); // executed
				 *0x423f58 = _t34;
				 *0x423ea4 = E00405E88(8);
				SHGetFileInfoA(0x41f458, 0,  &_v360, 0x160, 0); // executed
				E00405B66("CL-Eye Driver Setup", "NSIS Error");
				_t39 = GetCommandLineA();
				_t95 = "\"C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe\" /install";
				E00405B66(_t95, _t39);
				 *0x423ea0 = GetModuleHandleA(0);
				_t42 = _t95;
				if("\"C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe\" /install" == 0x22) {
					_v404 = 0x22;
					_t42 =  &M00429001;
				}
				_t44 = CharNextA(E00405684(_t42, _v404));
				_v404 = _t44;
				while(1) {
					_t90 =  *_t44;
					_t108 = _t90;
					if(_t90 == 0) {
						break;
					}
					__eflags = _t90 - 0x20;
					if(_t90 != 0x20) {
						L5:
						__eflags =  *_t44 - 0x22;
						_v404 = 0x20;
						if( *_t44 == 0x22) {
							_t44 = _t44 + 1;
							__eflags = _t44;
							_v404 = 0x22;
						}
						__eflags =  *_t44 - 0x2f;
						if( *_t44 != 0x2f) {
							L15:
							_t44 = E00405684(_t44, _v404);
							__eflags =  *_t44 - 0x22;
							if(__eflags == 0) {
								_t44 = _t44 + 1;
								__eflags = _t44;
							}
							continue;
						} else {
							_t44 = _t44 + 1;
							__eflags =  *_t44 - 0x53;
							if( *_t44 == 0x53) {
								__eflags = ( *(_t44 + 1) | 0x00000020) - 0x20;
								if(( *(_t44 + 1) | 0x00000020) == 0x20) {
									_t98 = _t98 | 0x00000002;
									__eflags = _t98;
								}
							}
							__eflags =  *_t44 - 0x4352434e;
							if( *_t44 == 0x4352434e) {
								__eflags = ( *(_t44 + 4) | 0x00000020) - 0x20;
								if(( *(_t44 + 4) | 0x00000020) == 0x20) {
									_t98 = _t98 | 0x00000004;
									__eflags = _t98;
								}
							}
							__eflags =  *((intOrPtr*)(_t44 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t44 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t44 - 2)) = 0;
								_t45 = _t44 + 2;
								__eflags = _t44 + 2;
								E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t45);
								L20:
								_t104 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t104);
								_t48 = E00403208(_t108);
								_t109 = _t48;
								if(_t48 != 0) {
									L22:
									DeleteFileA("1033"); // executed
									_t50 = E00402C72(_t110, _t98); // executed
									_v412 = _t50;
									if(_t50 != 0) {
										L32:
										ExitProcess(); // executed
										__imp__OleUninitialize(); // executed
										if(_v404 == 0) {
											__eflags =  *0x423f34; // 0x0
											if(__eflags != 0) {
												_t105 = E00405E88(3);
												_t99 = E00405E88(4);
												_t54 = E00405E88(5);
												__eflags = _t105;
												_t96 = _t54;
												if(_t105 != 0) {
													__eflags = _t99;
													if(_t99 != 0) {
														__eflags = _t96;
														if(_t96 != 0) {
															_t59 =  *_t105(GetCurrentProcess(), 0x28,  &_v392);
															__eflags = _t59;
															if(_t59 != 0) {
																 *_t99(0, "SeShutdownPrivilege",  &_v396);
																_v412 = 1;
																_v400 = 2;
																 *_t96(_v416, 0,  &_v412, 0, 0, 0);
															}
														}
													}
												}
												_t55 = ExitWindowsEx(2, 0);
												__eflags = _t55;
												if(_t55 == 0) {
													E0040140B(9);
												}
											}
											_t51 =  *0x423f4c; // 0xffffffff
											__eflags = _t51 - 0xffffffff;
											if(_t51 != 0xffffffff) {
												_v396 = _t51;
											}
											ExitProcess(_v396);
										}
										E00405427(_v404, 0x200010);
										ExitProcess(2);
									}
									_t112 =  *0x423ebc; // 0x0
									if(_t112 == 0) {
										L31:
										 *0x423f4c =  *0x423f4c | 0xffffffff;
										_v400 = E004036AF();
										goto L32;
									}
									_t102 = E00405684(_t95, 0);
									while(_t102 >= _t95) {
										__eflags =  *_t102 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t102 = _t102 - 1;
										__eflags = _t102;
									}
									_t114 = _t102 - _t95;
									_v408 = "Error launching installer";
									if(_t102 < _t95) {
										lstrcatA(_t104, "~nsu.tmp");
										_t100 = "C:\\Users\\jones\\Desktop";
										if(lstrcmpiA(_t104, "C:\\Users\\jones\\Desktop") == 0) {
											goto L32;
										}
										CreateDirectoryA(_t104, 0);
										SetCurrentDirectoryA(_t104);
										_t119 = "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver"; // 0x43
										if(_t119 == 0) {
											E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t100);
										}
										E00405B66(0x424000, _v396);
										 *0x424400 = 0x41;
										_t97 = 0x1a;
										do {
											_t70 =  *0x423eb0; // 0x676fd0
											E00405B88(0, _t97, 0x41f058, 0x41f058,  *((intOrPtr*)(_t70 + 0x120)));
											DeleteFileA(0x41f058);
											if(_v416 != 0 && CopyFileA("C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe", 0x41f058, 1) != 0) {
												_push(0);
												_push(0x41f058);
												E004058B4();
												_t76 =  *0x423eb0; // 0x676fd0
												E00405B88(0, _t97, 0x41f058, 0x41f058,  *((intOrPtr*)(_t76 + 0x124)));
												_t78 = E004053C6(0x41f058);
												if(_t78 != 0) {
													CloseHandle(_t78);
													_v416 = 0;
												}
											}
											 *0x424400 =  *0x424400 + 1;
											_t97 = _t97 - 1;
										} while (_t97 != 0);
										_push(0);
										_push(_t104);
										E004058B4();
										goto L32;
									}
									 *_t102 = 0;
									_t103 = _t102 + 4;
									if(E0040573A(_t114, _t102 + 4) == 0) {
										goto L32;
									}
									E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t103);
									E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t103);
									_v424 = 0;
									goto L31;
								}
								GetWindowsDirectoryA(_t104, 0x3fb);
								lstrcatA(_t104, "\\Temp");
								_t88 = E00403208(_t109);
								_t110 = _t88;
								if(_t88 == 0) {
									goto L32;
								}
								goto L22;
							}
							goto L15;
						}
					} else {
						goto L4;
					}
					do {
						L4:
						_t44 = _t44 + 1;
						__eflags =  *_t44 - 0x20;
					} while ( *_t44 == 0x20);
					goto L5;
				}
				goto L20;
			}









































                                    0x00403248
                                    0x0040324c
                                    0x00403254
                                    0x00403256
                                    0x0040325b
                                    0x00403266
                                    0x0040326d
                                    0x00403275
                                    0x0040327f
                                    0x00403295
                                    0x004032a5
                                    0x004032aa
                                    0x004032b0
                                    0x004032b7
                                    0x004032ca
                                    0x004032cf
                                    0x004032d1
                                    0x004032d3
                                    0x004032d8
                                    0x004032d8
                                    0x004032e8
                                    0x004032ee
                                    0x00403357
                                    0x00403357
                                    0x00403359
                                    0x0040335b
                                    0x00000000
                                    0x00000000
                                    0x004032f4
                                    0x004032f7
                                    0x004032ff
                                    0x004032ff
                                    0x00403302
                                    0x00403307
                                    0x00403309
                                    0x00403309
                                    0x0040330a
                                    0x0040330a
                                    0x0040330f
                                    0x00403312
                                    0x00403347
                                    0x0040334c
                                    0x00403351
                                    0x00403354
                                    0x00403356
                                    0x00403356
                                    0x00403356
                                    0x00000000
                                    0x00403314
                                    0x00403314
                                    0x00403315
                                    0x00403318
                                    0x00403320
                                    0x00403323
                                    0x00403325
                                    0x00403325
                                    0x00403325
                                    0x00403323
                                    0x00403328
                                    0x0040332e
                                    0x00403336
                                    0x00403339
                                    0x0040333b
                                    0x0040333b
                                    0x0040333b
                                    0x00403339
                                    0x0040333e
                                    0x00403345
                                    0x0040335f
                                    0x00403362
                                    0x00403362
                                    0x0040336b
                                    0x00403370
                                    0x00403370
                                    0x0040337b
                                    0x00403381
                                    0x00403386
                                    0x00403388
                                    0x004033aa
                                    0x004033af
                                    0x004033b6
                                    0x004033bd
                                    0x004033c1
                                    0x00403428
                                    0x00403428
                                    0x0040342d
                                    0x00403437
                                    0x00403522
                                    0x00403528
                                    0x00403533
                                    0x0040353c
                                    0x0040353e
                                    0x00403543
                                    0x00403545
                                    0x00403547
                                    0x00403549
                                    0x0040354b
                                    0x0040354d
                                    0x0040354f
                                    0x0040355f
                                    0x00403561
                                    0x00403563
                                    0x00403570
                                    0x0040357f
                                    0x00403587
                                    0x0040358f
                                    0x0040358f
                                    0x00403563
                                    0x0040354f
                                    0x0040354b
                                    0x00403594
                                    0x0040359a
                                    0x0040359c
                                    0x004035a0
                                    0x004035a0
                                    0x0040359c
                                    0x004035a5
                                    0x004035aa
                                    0x004035ad
                                    0x004035af
                                    0x004035af
                                    0x004035b7
                                    0x004035b7
                                    0x00403446
                                    0x0040344d
                                    0x0040344d
                                    0x004033c3
                                    0x004033c9
                                    0x00403418
                                    0x00403418
                                    0x00403424
                                    0x00000000
                                    0x00403424
                                    0x004033d2
                                    0x004033df
                                    0x004033d6
                                    0x004033dc
                                    0x00000000
                                    0x00000000
                                    0x004033de
                                    0x004033de
                                    0x004033de
                                    0x004033e3
                                    0x004033e5
                                    0x004033ed
                                    0x00403459
                                    0x0040345e
                                    0x0040346d
                                    0x00000000
                                    0x00000000
                                    0x00403471
                                    0x00403478
                                    0x0040347e
                                    0x00403484
                                    0x0040348c
                                    0x0040348c
                                    0x0040349a
                                    0x004034a1
                                    0x004034aa
                                    0x004034b0
                                    0x004034b0
                                    0x004034bc
                                    0x004034c2
                                    0x004034cc
                                    0x004034e0
                                    0x004034e1
                                    0x004034e2
                                    0x004034e7
                                    0x004034f3
                                    0x004034f9
                                    0x00403500
                                    0x00403503
                                    0x00403509
                                    0x00403509
                                    0x00403500
                                    0x0040350d
                                    0x00403513
                                    0x00403513
                                    0x00403516
                                    0x00403517
                                    0x00403518
                                    0x00000000
                                    0x00403518
                                    0x004033ef
                                    0x004033f1
                                    0x004033fc
                                    0x00000000
                                    0x00000000
                                    0x00403404
                                    0x0040340f
                                    0x00403414
                                    0x00000000
                                    0x00403414
                                    0x00403390
                                    0x0040339c
                                    0x004033a1
                                    0x004033a6
                                    0x004033a8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004033a8
                                    0x00000000
                                    0x00403345
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004032f9
                                    0x004032f9
                                    0x004032f9
                                    0x004032fa
                                    0x004032fa
                                    0x00000000
                                    0x004032f9
                                    0x00000000

                                    APIs
                                    • #17.COMCTL32 ref: 0040325B
                                    • SetErrorMode.KERNELBASE(00008001), ref: 00403266
                                    • OleInitialize.OLE32(00000000), ref: 0040326D
                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                      • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                    • SHGetFileInfoA.SHELL32(0041F458,00000000,?,00000160,00000000,00000008), ref: 00403295
                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,CL-Eye Driver Setup,NSIS Error), ref: 00405B73
                                    • GetCommandLineA.KERNEL32(CL-Eye Driver Setup,NSIS Error), ref: 004032AA
                                    • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,00000000), ref: 004032BD
                                    • CharNextA.USER32(00000000,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,00000020), ref: 004032E8
                                    • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 0040337B
                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403390
                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040339C
                                    • DeleteFileA.KERNELBASE(1033), ref: 004033AF
                                    • ExitProcess.KERNEL32(00000000), ref: 00403428
                                    • OleUninitialize.OLE32(00000000), ref: 0040342D
                                    • ExitProcess.KERNEL32 ref: 0040344D
                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,00000000,00000000), ref: 00403459
                                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,00000000,00000000), ref: 00403465
                                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403471
                                    • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403478
                                    • DeleteFileA.KERNEL32(0041F058,0041F058,?,00424000,?), ref: 004034C2
                                    • CopyFileA.KERNEL32 ref: 004034D6
                                    • CloseHandle.KERNEL32(00000000,0041F058,0041F058,?,0041F058,00000000), ref: 00403503
                                    • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403558
                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403594
                                    • ExitProcess.KERNEL32 ref: 004035B7
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ExitFileProcess$DirectoryHandle$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                    • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install$1033$C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe$CL-Eye Driver Setup$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                    • API String ID: 553446912-2237181507
                                    • Opcode ID: 95b2644de8016f8df3482d777034fb250a64d332808757e83748c09c41b177fd
                                    • Instruction ID: d9df3101e86bd055252ea398e1a167ecdf9755d8b7b18b8fa076e16bcd865dbe
                                    • Opcode Fuzzy Hash: 95b2644de8016f8df3482d777034fb250a64d332808757e83748c09c41b177fd
                                    • Instruction Fuzzy Hash: E191D231A087417EE7216F609D49B2B7EACEB01306F44457BF941B61E2C77CAE058B6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040548B, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 156filestringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 504 40548b-4054a6 call 40573a 507 4054a8-4054ba DeleteFileA 504->507 508 4054bf-4054c9 504->508 509 405653-405656 507->509 510 4054cb-4054cd 508->510 511 4054dd-4054eb call 405b66 508->511 512 4054d3-4054d7 510->512 513 4055fe-405604 510->513 519 4054fa-4054fb call 4056a0 511->519 520 4054ed-4054f8 lstrcatA 511->520 512->511 512->513 513->509 515 405606-405609 513->515 517 405613-40561b call 405e61 515->517 518 40560b-405611 515->518 517->509 528 40561d-405632 call 405659 call 40581e RemoveDirectoryA 517->528 518->509 522 405500-405503 519->522 520->522 524 405505-40550c 522->524 525 40550e-405514 lstrcatA 522->525 524->525 527 405519-405537 lstrlenA FindFirstFileA 524->527 525->527 529 4055f4-4055f8 527->529 530 40553d-405554 call 405684 527->530 543 405634-405638 528->543 544 40564b-40564e call 404f04 528->544 529->513 532 4055fa 529->532 537 405556-40555a 530->537 538 40555f-405562 530->538 532->513 537->538 540 40555c 537->540 541 405564-405569 538->541 542 405575-405583 call 405b66 538->542 540->538 546 4055d3-4055e5 FindNextFileA 541->546 547 40556b-40556d 541->547 555 405585-40558d 542->555 556 40559a-4055a9 call 40581e DeleteFileA 542->556 543->518 549 40563a-405649 call 404f04 call 4058b4 543->549 544->509 546->530 550 4055eb-4055ee FindClose 546->550 547->542 552 40556f-405573 547->552 549->509 550->529 552->542 552->546 555->546 557 40558f-405598 call 40548b 555->557 564 4055cb-4055ce call 404f04 556->564 565 4055ab-4055af 556->565 557->546 564->546 566 4055b1-4055c1 call 404f04 call 4058b4 565->566 567 4055c3-4055c9 565->567 566->546 567->546
                                    C-Code - Quality: 94%
                                    			E0040548B(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040573A(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x423f28 =  *0x423f28 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405B66(0x4214a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E004056A0(_t72);
					} else {
						lstrcatA(0x4214a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]); // executed
						_t37 = FindFirstFileA(0x4214a8,  &_v332); // executed
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E00405684( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405B66(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040581E(_t72);
									_t52 = DeleteFileA(_t72); // executed
									__eflags = _t52;
									if(_t52 != 0) {
										E00404F04(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x423f28 =  *0x423f28 + 1;
										} else {
											E00404F04(0xfffffff1, _t72);
											_push(0);
											_push(_t72);
											E004058B4();
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E0040548B(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x4214a8 - 0x5c;
					if( *0x4214a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405E61(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E00405659(_t72);
							E0040581E(_t72);
							_t37 = RemoveDirectoryA(_t72); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404F04(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404F04(0xfffffff1, _t72);
							_push(0);
							_push(_t72);
							return E004058B4();
						}
						L33:
						 *0x423f28 =  *0x423f28 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                    0x00405496
                                    0x0040549a
                                    0x004054a3
                                    0x004054a6
                                    0x004054a9
                                    0x004054b1
                                    0x004054b3
                                    0x004054b4
                                    0x00000000
                                    0x004054b4
                                    0x004054c3
                                    0x004054c3
                                    0x004054c6
                                    0x004054c9
                                    0x004054dd
                                    0x004054e4
                                    0x004054e9
                                    0x004054eb
                                    0x004054fb
                                    0x004054ed
                                    0x004054f3
                                    0x004054f3
                                    0x00405500
                                    0x00405503
                                    0x0040550e
                                    0x00405514
                                    0x00405519
                                    0x00405529
                                    0x0040552b
                                    0x00405531
                                    0x00405534
                                    0x00405537
                                    0x004055f4
                                    0x004055f4
                                    0x004055f8
                                    0x004055fa
                                    0x004055fa
                                    0x004055fa
                                    0x004055fa
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040553d
                                    0x0040553d
                                    0x00405546
                                    0x0040554c
                                    0x00405551
                                    0x00405554
                                    0x00405556
                                    0x0040555a
                                    0x0040555c
                                    0x0040555c
                                    0x0040555a
                                    0x0040555f
                                    0x00405562
                                    0x00405575
                                    0x00405577
                                    0x0040557c
                                    0x00405583
                                    0x0040559b
                                    0x004055a1
                                    0x004055a7
                                    0x004055a9
                                    0x004055ce
                                    0x004055ab
                                    0x004055ab
                                    0x004055af
                                    0x004055c3
                                    0x004055b1
                                    0x004055b4
                                    0x004055b9
                                    0x004055bb
                                    0x004055bc
                                    0x004055bc
                                    0x004055af
                                    0x00405585
                                    0x0040558b
                                    0x0040558d
                                    0x00405593
                                    0x00405593
                                    0x0040558d
                                    0x00000000
                                    0x00405583
                                    0x00405564
                                    0x00405567
                                    0x00405569
                                    0x00000000
                                    0x00000000
                                    0x0040556b
                                    0x0040556d
                                    0x00000000
                                    0x00000000
                                    0x0040556f
                                    0x00405573
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004055d3
                                    0x004055dd
                                    0x004055e3
                                    0x004055e3
                                    0x004055ee
                                    0x00000000
                                    0x004055ee
                                    0x00405505
                                    0x0040550c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004054cb
                                    0x004054cb
                                    0x004054cd
                                    0x004055fe
                                    0x00405601
                                    0x00405604
                                    0x00405656
                                    0x00405656
                                    0x00405656
                                    0x00405606
                                    0x00405609
                                    0x00405614
                                    0x00405619
                                    0x0040561b
                                    0x00000000
                                    0x00000000
                                    0x0040561e
                                    0x00405624
                                    0x0040562a
                                    0x00405630
                                    0x00405632
                                    0x00000000
                                    0x0040564e
                                    0x00405634
                                    0x00405638
                                    0x00000000
                                    0x00000000
                                    0x0040563d
                                    0x00405642
                                    0x00405643
                                    0x00000000
                                    0x00405644
                                    0x0040560b
                                    0x0040560b
                                    0x00000000
                                    0x0040560b
                                    0x004054d3
                                    0x004054d7
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004054d7

                                    APIs
                                    • DeleteFileA.KERNELBASE(?,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 004054A9
                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 004054F3
                                    • lstrcatA.KERNEL32(?,00409010,?,C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 00405514
                                    • lstrlenA.KERNEL32(?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 0040551A
                                    • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\*.*,?,?,?,00409010,?,C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 0040552B
                                    • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 004055DD
                                    • FindClose.KERNEL32(?), ref: 004055EE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\*.*$\*.*
                                    • API String ID: 2035342205-3739442810
                                    • Opcode ID: 0d5e4c23c8571cffb424adfe634a104f8b559ce694cc149621e7f7b2c072b745
                                    • Instruction ID: bc429f5d1e1b14784ce7e3564347ec6ed469848bfd5577fff983359c073685a4
                                    • Opcode Fuzzy Hash: 0d5e4c23c8571cffb424adfe634a104f8b559ce694cc149621e7f7b2c072b745
                                    • Instruction Fuzzy Hash: 0351F331904A447ADB216B218C45BBF3B79CF42728F54847BF905711E2CB3C5A82DE6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406131, Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00406131() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                    0x00000000
                                    0x00406131
                                    0x00406131
                                    0x00406136
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x004067ee
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00000000
                                    0x00406810
                                    0x00406138
                                    0x00406138
                                    0x0040613c
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063c6
                                    0x004063c9
                                    0x0040636c
                                    0x00406372
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004063cb
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x00000000
                                    0x00406369
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x00406275
                                    0x00406278
                                    0x004061ef
                                    0x004061ef
                                    0x004061f5
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x00406302
                                    0x00406305
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a5
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x004064dc
                                    0x004064dc
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040627e
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x00000000
                                    0x004061ec
                                    0x00406278
                                    0x00406181
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x00000000
                                    0x0040679a
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00000000
                                    0x0040690d
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x00000000
                                    0x00406762
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4

                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                    • Instruction ID: 7fe690cacb8e5da35aefc448adc87e2f65dc6f56ff44dc44b78e187fa59068bd
                                    • Opcode Fuzzy Hash: d33a5f9df5361017a2c2cd63e74982cac3414c6cd2676332625b738f25334a08
                                    • Instruction Fuzzy Hash: 70F16871D00229CBDF28CFA8C8946ADBBB1FF44305F25816ED856BB281D7785A96CF44
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405E61, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405E61(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x4224f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2); // executed
				return 0x4224f0;
			}




                                    0x00405e6c
                                    0x00405e75
                                    0x00000000
                                    0x00405e82
                                    0x00405e78
                                    0x00000000

                                    APIs
                                    • FindFirstFileA.KERNELBASE(?,004224F0,C:\,0040577D,C:\,C:\,00000000,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 00405E6C
                                    • FindClose.KERNELBASE(00000000), ref: 00405E78
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Find$CloseFileFirst
                                    • String ID: C:\
                                    • API String ID: 2295610775-3404278061
                                    • Opcode ID: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                    • Instruction ID: f2fe444ddfa45285d6a9eb51d657c4c39712a0d2250b7f8498e11f87d01b5aa3
                                    • Opcode Fuzzy Hash: a0d9290738f1f02d4b3743de2211279f78b4a64d0718c2c828088997ee3199ab
                                    • Instruction Fuzzy Hash: 26D012359495206FC7001738AD0C85B7A58EF553347508B32F969F62E0C7B4AD51DAED
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040263E, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 0040264D
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileFindFirst
                                    • String ID:
                                    • API String ID: 1974802433-0
                                    • Opcode ID: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                    • Instruction ID: b3d2387cb92b068db8966d6a1439c3c253679041c8135bb289436d91baf53d0e
                                    • Opcode Fuzzy Hash: fec3e59c21f88b2afe0d858e3cd58f666a30441cfee8bf2827fa80150cba7d73
                                    • Instruction Fuzzy Hash: 42F0A072A04201DBD700EBB49A89AEEB7789B51328F60067BE111F20C1C6B85A459B2E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405042, Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 278windowclipboardmemoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 106 405042-40505d 107 405063-40512c GetDlgItem * 3 call 403f4d call 4047a6 GetClientRect GetSystemMetrics SendMessageA * 2 106->107 108 4051ee-4051f5 106->108 128 40514a-40514d 107->128 129 40512e-405148 SendMessageA * 2 107->129 110 4051f7-405219 GetDlgItem CreateThread FindCloseChangeNotification 108->110 111 40521f-40522c 108->111 110->111 113 40524a-405251 111->113 114 40522e-405234 111->114 118 405253-405259 113->118 119 4052a8-4052ac 113->119 116 405236-405245 ShowWindow * 2 call 403f4d 114->116 117 40526c-405275 call 403f7f 114->117 116->113 132 40527a-40527e 117->132 123 405281-405291 ShowWindow 118->123 124 40525b-405267 call 403ef1 118->124 119->117 121 4052ae-4052b1 119->121 121->117 130 4052b3-4052c6 SendMessageA 121->130 126 4052a1-4052a3 call 403ef1 123->126 127 405293-40529c call 404f04 123->127 124->117 126->119 127->126 135 40515d-405174 call 403f18 128->135 136 40514f-40515b SendMessageA 128->136 129->128 137 4052cc-4052ed CreatePopupMenu call 405b88 AppendMenuA 130->137 138 4053bf-4053c1 130->138 145 405176-40518a ShowWindow 135->145 146 4051aa-4051cb GetDlgItem SendMessageA 135->146 136->135 143 405302-405308 137->143 144 4052ef-405300 GetWindowRect 137->144 138->132 148 40530b-405323 TrackPopupMenu 143->148 144->148 149 405199 145->149 150 40518c-405197 ShowWindow 145->150 146->138 147 4051d1-4051e9 SendMessageA * 2 146->147 147->138 148->138 151 405329-405340 148->151 152 40519f-4051a5 call 403f4d 149->152 150->152 153 405345-405360 SendMessageA 151->153 152->146 153->153 155 405362-405382 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 153->155 156 405384-4053a3 SendMessageA 155->156 156->156 157 4053a5-4053b9 GlobalUnlock SetClipboardData CloseClipboard 156->157 157->138
                                    C-Code - Quality: 96%
                                    			E00405042(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t112;
				void* _t120;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x423684; // 0x5036a
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						_t120 = CreateThread(0, 0, E00404FD6, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
						FindCloseChangeNotification(_t120); // executed
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405B88(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x4204a0;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42366c - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x423ea8, 8);
							__eflags =  *0x423f2c - _t149; // 0x0
							if(__eflags == 0) {
								_t112 =  *0x41fc70; // 0x67717c
								E00404F04( *((intOrPtr*)(_t112 + 0x34)), _t149); // executed
							}
							E00403EF1(1);
							goto L25;
						}
						 *0x41f868 = 2;
						E00403EF1(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403F7F(_a8, _a12, _a16);
						}
						ShowWindow( *0x423670, _t149);
						ShowWindow(_t154, 8);
						E00403F4D(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x423eb0; // 0x676fd0
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x423670 = GetDlgItem(_a4, 0x403);
				 *0x423668 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x423684 = _t127;
				_v8 = _t127;
				E00403F4D( *0x423670);
				 *0x423674 = E004047A6(4);
				 *0x42368c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403F18(_a4);
				if(( *0x423eb8 & 0x00000003) != 0) {
					ShowWindow( *0x423670, _t149); // executed
					if(( *0x423eb8 & 0x00000002) != 0) {
						 *0x423670 = _t149;
					} else {
						ShowWindow(_v8, 8); // executed
					}
					E00403F4D( *0x423668);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x423eb8 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}




































                                    0x0040504b
                                    0x00405051
                                    0x0040505a
                                    0x0040505d
                                    0x004051ee
                                    0x004051f5
                                    0x00405212
                                    0x00405219
                                    0x00405219
                                    0x0040521f
                                    0x0040522c
                                    0x0040524a
                                    0x0040524a
                                    0x00405251
                                    0x004052a8
                                    0x004052a8
                                    0x004052ac
                                    0x00000000
                                    0x00000000
                                    0x004052ae
                                    0x004052b1
                                    0x00000000
                                    0x00000000
                                    0x004052bb
                                    0x004052c1
                                    0x004052c3
                                    0x004052c6
                                    0x004053bf
                                    0x00000000
                                    0x004053bf
                                    0x004052d5
                                    0x004052e1
                                    0x004052e7
                                    0x004052ea
                                    0x004052ed
                                    0x00405302
                                    0x00405305
                                    0x00405305
                                    0x00405308
                                    0x004052ef
                                    0x004052f4
                                    0x004052fa
                                    0x004052fd
                                    0x004052fd
                                    0x00405318
                                    0x00405320
                                    0x00405321
                                    0x00405323
                                    0x0040532c
                                    0x0040532f
                                    0x00405336
                                    0x0040533d
                                    0x00405345
                                    0x00405345
                                    0x00405353
                                    0x00405359
                                    0x0040535c
                                    0x0040535c
                                    0x00405363
                                    0x00405369
                                    0x00405372
                                    0x00405379
                                    0x00405382
                                    0x00405384
                                    0x00405387
                                    0x00405396
                                    0x00405398
                                    0x0040539e
                                    0x0040539f
                                    0x004053a0
                                    0x004053a0
                                    0x004053a8
                                    0x004053b3
                                    0x004053b9
                                    0x004053b9
                                    0x00000000
                                    0x00405323
                                    0x00405253
                                    0x00405259
                                    0x00405289
                                    0x0040528b
                                    0x00405291
                                    0x00405293
                                    0x0040529c
                                    0x0040529c
                                    0x004052a3
                                    0x00000000
                                    0x004052a3
                                    0x0040525d
                                    0x00405267
                                    0x00000000
                                    0x0040522e
                                    0x0040522e
                                    0x00405234
                                    0x0040526c
                                    0x00000000
                                    0x00405275
                                    0x0040523d
                                    0x00405242
                                    0x00405245
                                    0x00000000
                                    0x00405245
                                    0x0040522c
                                    0x00405063
                                    0x00405067
                                    0x00405070
                                    0x00405077
                                    0x0040507a
                                    0x0040507d
                                    0x00405080
                                    0x00405081
                                    0x00405082
                                    0x0040509b
                                    0x0040509e
                                    0x004050a8
                                    0x004050b7
                                    0x004050bf
                                    0x004050c7
                                    0x004050cc
                                    0x004050cf
                                    0x004050db
                                    0x004050e4
                                    0x004050ed
                                    0x00405110
                                    0x00405116
                                    0x00405127
                                    0x0040512c
                                    0x0040513a
                                    0x00405148
                                    0x00405148
                                    0x0040514d
                                    0x0040515b
                                    0x0040515b
                                    0x00405160
                                    0x00405163
                                    0x00405168
                                    0x00405174
                                    0x0040517d
                                    0x0040518a
                                    0x00405199
                                    0x0040518c
                                    0x00405191
                                    0x00405191
                                    0x004051a5
                                    0x004051a5
                                    0x004051b9
                                    0x004051c2
                                    0x004051cb
                                    0x004051db
                                    0x004051e7
                                    0x004051e7
                                    0x00000000

                                    APIs
                                    • GetDlgItem.USER32 ref: 004050A1
                                    • GetDlgItem.USER32 ref: 004050B0
                                    • GetClientRect.USER32 ref: 004050ED
                                    • GetSystemMetrics.USER32 ref: 004050F5
                                    • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405116
                                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405127
                                    • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 0040513A
                                    • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405148
                                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040515B
                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040517D
                                    • ShowWindow.USER32(?,00000008), ref: 00405191
                                    • GetDlgItem.USER32 ref: 004051B2
                                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051C2
                                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051DB
                                    • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 004051E7
                                    • GetDlgItem.USER32 ref: 004050BF
                                      • Part of subcall function 00403F4D: SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                    • GetDlgItem.USER32 ref: 00405204
                                    • CreateThread.KERNELBASE(00000000,00000000,Function_00004FD6,00000000), ref: 00405212
                                    • FindCloseChangeNotification.KERNELBASE(00000000), ref: 00405219
                                    • ShowWindow.USER32(00000000), ref: 0040523D
                                    • ShowWindow.USER32(0005036A,00000008), ref: 00405242
                                    • ShowWindow.USER32(00000008), ref: 00405289
                                    • SendMessageA.USER32(0005036A,00001004,00000000,00000000), ref: 004052BB
                                    • CreatePopupMenu.USER32 ref: 004052CC
                                    • AppendMenuA.USER32 ref: 004052E1
                                    • GetWindowRect.USER32 ref: 004052F4
                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405318
                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405353
                                    • OpenClipboard.USER32(00000000), ref: 00405363
                                    • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405369
                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405372
                                    • GlobalLock.KERNEL32 ref: 0040537C
                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405390
                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004053A8
                                    • SetClipboardData.USER32(00000001,00000000), ref: 004053B3
                                    • CloseClipboard.USER32(?,?,00000000,?,00000000), ref: 004053B9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                    • String ID: {$|qg
                                    • API String ID: 4154960007-3748213714
                                    • Opcode ID: 9f7d9b876b202325161314a9acb1789d5168722e9282c21d8966e97d135edffc
                                    • Instruction ID: b28aa7ce0402c6385ba5b6cd868a6258f1d07b471923b7bae974b2a68da01879
                                    • Opcode Fuzzy Hash: 9f7d9b876b202325161314a9acb1789d5168722e9282c21d8966e97d135edffc
                                    • Instruction Fuzzy Hash: 34A14870904208FFDB219F60DD89AAE7F79FB08355F00417AFA05BA2A0C7795A41DF69
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403A45, Relevance: 59.8, APIs: 32, Strings: 2, Instructions: 345windowstringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 158 403a45-403a57 159 403b98-403ba7 158->159 160 403a5d-403a63 158->160 162 403bf6-403c0b 159->162 163 403ba9-403be4 GetDlgItem * 2 call 403f18 KiUserCallbackDispatcher call 40140b 159->163 160->159 161 403a69-403a72 160->161 166 403a74-403a81 SetWindowPos 161->166 167 403a87-403a8a 161->167 164 403c4b-403c50 call 403f64 162->164 165 403c0d-403c10 162->165 186 403be9-403bf1 163->186 177 403c55-403c70 164->177 169 403c12-403c1d call 401389 165->169 170 403c43-403c45 165->170 166->167 172 403aa4-403aaa 167->172 173 403a8c-403a9e ShowWindow 167->173 169->170 191 403c1f-403c3e SendMessageA 169->191 170->164 176 403ee5 170->176 178 403ac6-403ac9 172->178 179 403aac-403ac1 DestroyWindow 172->179 173->172 184 403ee7-403eee 176->184 182 403c72-403c74 call 40140b 177->182 183 403c79-403c7f 177->183 187 403acb-403ad7 SetWindowLongA 178->187 188 403adc-403ae2 178->188 185 403ec2-403ec8 179->185 182->183 194 403ea3-403ebc DestroyWindow KiUserCallbackDispatcher 183->194 195 403c85-403c90 183->195 185->176 192 403eca-403ed0 185->192 186->162 187->184 189 403b85-403b93 call 403f7f 188->189 190 403ae8-403af9 GetDlgItem 188->190 189->184 196 403b18-403b1b 190->196 197 403afb-403b12 SendMessageA IsWindowEnabled 190->197 191->184 192->176 199 403ed2-403edb ShowWindow 192->199 194->185 195->194 200 403c96-403ce3 call 405b88 call 403f18 * 3 GetDlgItem 195->200 201 403b20-403b23 196->201 202 403b1d-403b1e 196->202 197->176 197->196 199->176 228 403ce5-403cea 200->228 229 403ced-403d29 ShowWindow KiUserCallbackDispatcher call 403f3a KiUserCallbackDispatcher 200->229 206 403b31-403b36 201->206 207 403b25-403b2b 201->207 205 403b4e-403b53 call 403ef1 202->205 205->189 210 403b6c-403b7f SendMessageA 206->210 212 403b38-403b3e 206->212 207->210 211 403b2d-403b2f 207->211 210->189 211->205 216 403b40-403b46 call 40140b 212->216 217 403b55-403b5e call 40140b 212->217 226 403b4c 216->226 217->189 225 403b60-403b6a 217->225 225->226 226->205 228->229 232 403d2b-403d2c 229->232 233 403d2e 229->233 234 403d30-403d5e GetSystemMenu EnableMenuItem SendMessageA 232->234 233->234 235 403d60-403d71 SendMessageA 234->235 236 403d73 234->236 237 403d79-403db2 call 403f4d call 405b66 lstrlenA call 405b88 SetWindowTextA call 401389 235->237 236->237 237->177 246 403db8-403dba 237->246 246->177 247 403dc0-403dc4 246->247 248 403de3-403df7 DestroyWindow 247->248 249 403dc6-403dcc 247->249 248->185 251 403dfd-403e2a CreateDialogParamA 248->251 249->176 250 403dd2-403dd8 249->250 250->177 252 403dde 250->252 251->185 253 403e30-403e87 call 403f18 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 251->253 252->176 253->176 258 403e89-403e9c ShowWindow call 403f64 253->258 260 403ea1 258->260 260->185
                                    C-Code - Quality: 84%
                                    			E00403A45(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t141;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x420484 = _t35;
					if(_t115 == 0x110) {
						 *0x423ea8 = _t125;
						 *0x420498 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x41f460 = _t91;
						E00403F18(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x423688); // executed
						 *0x42366c = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x420484 = 1;
					}
					_t122 =  *0x4091c4; // 0x5
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x423ec0;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403F64(0x40b);
						while(1) {
							_t37 =  *0x420484;
							 *0x4091c4 =  *0x4091c4 + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091c4; // 0x5
							__eflags = _t39 -  *0x423ec4; // 0x5
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42366c - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x423ec4; // 0x5
							__eflags =  *0x4091c4 - _t44; // 0x5
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405B88(_t116, _t125, _t130, 0x42b800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403F18(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403F18(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x423f2c - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008); // executed
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100); // executed
							E00403F3A(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x41f460, _t117); // executed
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x423f2c - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x420498);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x41f460);
							}
							E00403F4D();
							E00405B66(0x4204a0, "CL-Eye Driver Setup");
							E00405B88(0x4204a0, _t125, _t130,  &(0x4204a0[lstrlenA(0x4204a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x4204a0); // executed
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x423678); // executed
									 *0x41fc70 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x423ea0,  *_t130 +  *0x423680 & 0x0000ffff, _t125,  *(0x4091c8 +  *(_t130 + 4) * 4), _t130); // executed
									__eflags = _t73 - _t133;
									 *0x423678 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403F18(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x423678, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42366c - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x423678, 8); // executed
									E00403F64(0x405);
									goto L58;
								}
								__eflags =  *0x423f2c - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x423f20 - _t133; // 0x1
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x423678); // executed
						 *0x423ea8 = _t133;
						EndDialog(_t125,  *0x41f868);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x423678, 0x40f, 0, 1);
						__eflags =  *0x42366c - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x420478, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x420478,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403F7F(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x423678, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x423f2c - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x41f868 = 1;
											L21:
											_push(0x78);
											L22:
											E00403EF1();
											goto L26;
										}
										E0040140B(_t127);
										 *0x41f868 = _t127;
										goto L21;
									}
									__eflags =  *0x4091c4 - _t133; // 0x5
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x423678); // executed
						 *0x423678 = _a12;
						L58:
						_t141 =  *0x4214a0 - _t133; // 0x1
						if(_t141 == 0) {
							_t142 =  *0x423678 - _t133; // 0xb040e
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa); // executed
								 *0x4214a0 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}

































                                    0x00403a4e
                                    0x00403a57
                                    0x00403b98
                                    0x00403b9c
                                    0x00403ba0
                                    0x00403ba2
                                    0x00403ba7
                                    0x00403bb2
                                    0x00403bbd
                                    0x00403bc2
                                    0x00403bc4
                                    0x00403bc6
                                    0x00403bc9
                                    0x00403bce
                                    0x00403bdc
                                    0x00403be9
                                    0x00403bf0
                                    0x00403bf0
                                    0x00403bf1
                                    0x00403bf1
                                    0x00403bf6
                                    0x00403bfc
                                    0x00403c03
                                    0x00403c09
                                    0x00403c0b
                                    0x00403c4b
                                    0x00403c50
                                    0x00403c55
                                    0x00403c55
                                    0x00403c5a
                                    0x00403c63
                                    0x00403c65
                                    0x00403c6a
                                    0x00403c70
                                    0x00403c74
                                    0x00403c74
                                    0x00403c79
                                    0x00403c7f
                                    0x00000000
                                    0x00000000
                                    0x00403c85
                                    0x00403c8a
                                    0x00403c90
                                    0x00000000
                                    0x00000000
                                    0x00403c99
                                    0x00403ca1
                                    0x00403ca6
                                    0x00403ca9
                                    0x00403caf
                                    0x00403cb4
                                    0x00403cb7
                                    0x00403cbd
                                    0x00403cc2
                                    0x00403cc5
                                    0x00403ccb
                                    0x00403cd3
                                    0x00403cd9
                                    0x00403cdf
                                    0x00403ce3
                                    0x00403cea
                                    0x00403cea
                                    0x00403cea
                                    0x00403cf4
                                    0x00403d06
                                    0x00403d12
                                    0x00403d17
                                    0x00403d21
                                    0x00403d27
                                    0x00403d29
                                    0x00403d2e
                                    0x00403d2b
                                    0x00403d2b
                                    0x00403d2b
                                    0x00403d3e
                                    0x00403d56
                                    0x00403d58
                                    0x00403d5e
                                    0x00403d73
                                    0x00403d60
                                    0x00403d69
                                    0x00403d6b
                                    0x00403d6b
                                    0x00403d79
                                    0x00403d89
                                    0x00403d9a
                                    0x00403da1
                                    0x00403da7
                                    0x00403dab
                                    0x00403db0
                                    0x00403db2
                                    0x00000000
                                    0x00403db8
                                    0x00403db8
                                    0x00403dba
                                    0x00000000
                                    0x00000000
                                    0x00403dc0
                                    0x00403dc4
                                    0x00403de9
                                    0x00403def
                                    0x00403df5
                                    0x00403df7
                                    0x00000000
                                    0x00000000
                                    0x00403e1d
                                    0x00403e23
                                    0x00403e25
                                    0x00403e2a
                                    0x00000000
                                    0x00000000
                                    0x00403e30
                                    0x00403e33
                                    0x00403e36
                                    0x00403e4d
                                    0x00403e59
                                    0x00403e72
                                    0x00403e78
                                    0x00403e7c
                                    0x00403e81
                                    0x00403e87
                                    0x00000000
                                    0x00000000
                                    0x00403e91
                                    0x00403e9c
                                    0x00000000
                                    0x00403e9c
                                    0x00403dc6
                                    0x00403dcc
                                    0x00000000
                                    0x00000000
                                    0x00403dd2
                                    0x00403dd8
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403dde
                                    0x00403db2
                                    0x00403ea9
                                    0x00403eb5
                                    0x00403ebc
                                    0x00000000
                                    0x00403c0d
                                    0x00403c0d
                                    0x00403c10
                                    0x00403c43
                                    0x00403c43
                                    0x00403c45
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403c45
                                    0x00403c12
                                    0x00403c16
                                    0x00403c1b
                                    0x00403c1d
                                    0x00000000
                                    0x00000000
                                    0x00403c2d
                                    0x00403c35
                                    0x00000000
                                    0x00403c3b
                                    0x00403a69
                                    0x00403a69
                                    0x00403a6d
                                    0x00403a72
                                    0x00403a81
                                    0x00403a81
                                    0x00403a8a
                                    0x00403a93
                                    0x00403a9e
                                    0x00403a9e
                                    0x00403aaa
                                    0x00403ac6
                                    0x00403ac9
                                    0x00403adc
                                    0x00403ae2
                                    0x00403b85
                                    0x00000000
                                    0x00403b8e
                                    0x00403ae8
                                    0x00403af5
                                    0x00403af7
                                    0x00403af9
                                    0x00403b18
                                    0x00403b18
                                    0x00403b1b
                                    0x00403b20
                                    0x00403b23
                                    0x00403b33
                                    0x00403b34
                                    0x00403b36
                                    0x00403b6c
                                    0x00403b7f
                                    0x00000000
                                    0x00403b7f
                                    0x00403b38
                                    0x00403b3e
                                    0x00403b57
                                    0x00403b5c
                                    0x00403b5e
                                    0x00000000
                                    0x00000000
                                    0x00403b60
                                    0x00403b4c
                                    0x00403b4c
                                    0x00403b4e
                                    0x00403b4e
                                    0x00000000
                                    0x00403b4e
                                    0x00403b41
                                    0x00403b46
                                    0x00000000
                                    0x00403b46
                                    0x00403b25
                                    0x00403b2b
                                    0x00000000
                                    0x00000000
                                    0x00403b2d
                                    0x00000000
                                    0x00403b2d
                                    0x00403b1d
                                    0x00000000
                                    0x00403b1d
                                    0x00403b03
                                    0x00403b0a
                                    0x00403b10
                                    0x00403b12
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403b12
                                    0x00403ace
                                    0x00000000
                                    0x00403aac
                                    0x00403ab2
                                    0x00403abc
                                    0x00403ec2
                                    0x00403ec2
                                    0x00403ec8
                                    0x00403eca
                                    0x00403ed0
                                    0x00403ed5
                                    0x00403edb
                                    0x00403edb
                                    0x00403ed0
                                    0x00403ee5
                                    0x00000000
                                    0x00403ee5
                                    0x00403aaa

                                    APIs
                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A81
                                    • ShowWindow.USER32(?), ref: 00403A9E
                                    • DestroyWindow.USER32 ref: 00403AB2
                                    • SetWindowLongA.USER32 ref: 00403ACE
                                    • GetDlgItem.USER32 ref: 00403AEF
                                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403B03
                                    • IsWindowEnabled.USER32(00000000), ref: 00403B0A
                                    • GetDlgItem.USER32 ref: 00403BB8
                                    • GetDlgItem.USER32 ref: 00403BC2
                                    • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403BDC
                                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C2D
                                    • GetDlgItem.USER32 ref: 00403CD3
                                    • ShowWindow.USER32(00000000,?), ref: 00403CF4
                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D06
                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403D21
                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D37
                                    • EnableMenuItem.USER32 ref: 00403D3E
                                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D56
                                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D69
                                    • lstrlenA.KERNEL32(004204A0,?,004204A0,CL-Eye Driver Setup), ref: 00403D92
                                    • SetWindowTextA.USER32(?,004204A0), ref: 00403DA1
                                    • ShowWindow.USER32(?,0000000A), ref: 00403ED5
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Window$Item$MessageSend$CallbackDispatcherShowUser$Menu$DestroyEnableEnabledLongSystemTextlstrlen
                                    • String ID: CL-Eye Driver Setup$|qg
                                    • API String ID: 2523155381-1329418712
                                    • Opcode ID: 5a851e1acd7e9b2c041f37148ddca57ebdb4acb3e701dc7f2e55be9cac4cc860
                                    • Instruction ID: 1b558320748e03173a152966608fa9e4bba3452d5179f8dde3fdb5243a6fbb8a
                                    • Opcode Fuzzy Hash: 5a851e1acd7e9b2c041f37148ddca57ebdb4acb3e701dc7f2e55be9cac4cc860
                                    • Instruction Fuzzy Hash: 21C18071A04204BBDB216F21ED45E2B3E7DEB4970AF40053EF541B12E1C739AA42DB6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004036AF, Relevance: 52.7, APIs: 15, Strings: 15, Instructions: 216stringregistrylibraryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 261 4036af-4036c7 call 405e88 264 4036c9-4036d9 call 405ac4 261->264 265 4036db-403702 call 405a4d 261->265 273 403725-40374e call 403978 call 40573a 264->273 269 403704-403715 call 405a4d 265->269 270 40371a-403720 lstrcatA 265->270 269->270 270->273 279 403754-403759 273->279 280 4037d5-4037dd call 40573a 273->280 279->280 281 40375b-403773 call 405a4d 279->281 286 4037eb-403810 LoadImageA 280->286 287 4037df-4037e6 call 405b88 280->287 285 403778-40377f 281->285 285->280 291 403781-403783 285->291 289 403816-40384c RegisterClassA 286->289 290 40389f-4038a7 call 40140b 286->290 287->286 292 403852-40389a SystemParametersInfoA CreateWindowExA 289->292 293 40396e 289->293 304 4038b1-4038bc call 403978 290->304 305 4038a9-4038ac 290->305 295 403794-4037a0 lstrlenA 291->295 296 403785-403792 call 405684 291->296 292->290 301 403970-403977 293->301 298 4037a2-4037b0 lstrcmpiA 295->298 299 4037c8-4037d0 call 405659 call 405b66 295->299 296->295 298->299 303 4037b2-4037bc GetFileAttributesA 298->303 299->280 307 4037c2-4037c3 call 4056a0 303->307 308 4037be-4037c0 303->308 314 4038c2-4038df ShowWindow LoadLibraryA 304->314 315 403945-403946 call 404fd6 304->315 305->301 307->299 308->299 308->307 317 4038e1-4038e6 LoadLibraryA 314->317 318 4038e8-4038fa GetClassInfoA 314->318 319 40394b-40394d 315->319 317->318 320 403912-403935 DialogBoxParamA call 40140b 318->320 321 4038fc-40390c GetClassInfoA RegisterClassA 318->321 323 403967-403969 call 40140b 319->323 324 40394f-403955 319->324 325 40393a-403943 call 4035ff 320->325 321->320 323->293 324->305 326 40395b-403962 call 40140b 324->326 325->301 326->305
                                    C-Code - Quality: 96%
                                    			E004036AF() {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				struct HINSTANCE__* _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t86;

				_t81 =  *0x423eb0; // 0x676fd0
				_t20 = E00405E88(6);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x4204a0;
					"1033" = 0x7830;
					E00405A4D(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x4204a0, 0);
					__eflags =  *0x4204a0;
					if(__eflags == 0) {
						E00405A4D(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407302, 0x4204a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405AC4("1033",  *_t20() & 0x0000ffff);
				}
				E00403978(_t76, _t88);
				_t24 =  *0x423eb8; // 0x81
				_t85 = "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver";
				 *0x423f20 = _t24 & 0x00000020;
				 *0x423f3c = 0x10000;
				if(E0040573A(_t88, "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver") != 0) {
					L16:
					if(E0040573A(_t96, _t85) == 0) {
						E00405B88(0, _t79, _t81, _t85,  *((intOrPtr*)(_t81 + 0x118))); // executed
					}
					_t28 = LoadImageA( *0x423ea0, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x423688 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E00403978(_t76, __eflags);
							__eflags =  *0x423f40; // 0x0
							if(__eflags != 0) {
								_t31 = E00404FD6(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42366c; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x420478, 5); // executed
							_t37 = LoadLibraryA("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								LoadLibraryA("RichEd32");
							}
							_t86 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t86, 0x423640);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x423640);
								 *0x423664 = _t86;
								RegisterClassA(0x423640);
							}
							_t39 =  *0x423680; // 0x0
							_t42 = DialogBoxParamA( *0x423ea0, _t39 + 0x00000069 & 0x0000ffff, 0, E00403A45, 0); // executed
							E004035FF(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x423ea0; // 0x400000
						 *0x423654 = _t28;
						_v20 = 0x624e5f;
						 *0x423644 = E00401000;
						 *0x423650 = _t76;
						 *0x423664 =  &_v20;
						if(RegisterClassA(0x423640) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x420478 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423ea0, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x423ed8; // 0x67e228
					_t79 = 0x422e40;
					E00405A4D( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422e40, 0);
					_t62 =  *0x422e40; // 0x52
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x422e41;
						 *((char*)(E00405684(0x422e41, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405B66(_t85, E00405659(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E004056A0(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                    0x004036b5
                                    0x004036be
                                    0x004036c5
                                    0x004036c7
                                    0x004036db
                                    0x004036ed
                                    0x004036f7
                                    0x004036fc
                                    0x00403702
                                    0x00403715
                                    0x00403715
                                    0x00403720
                                    0x004036c9
                                    0x004036d4
                                    0x004036d4
                                    0x00403725
                                    0x0040372a
                                    0x0040372f
                                    0x00403738
                                    0x0040373d
                                    0x0040374e
                                    0x004037d5
                                    0x004037dd
                                    0x004037e6
                                    0x004037e6
                                    0x004037fc
                                    0x00403802
                                    0x00403810
                                    0x0040389f
                                    0x004038a7
                                    0x004038b1
                                    0x004038b6
                                    0x004038bc
                                    0x00403946
                                    0x0040394b
                                    0x0040394d
                                    0x00403969
                                    0x00000000
                                    0x00403969
                                    0x0040394f
                                    0x00403955
                                    0x0040395d
                                    0x0040395d
                                    0x00000000
                                    0x00403955
                                    0x004038ca
                                    0x004038db
                                    0x004038dd
                                    0x004038df
                                    0x004038e6
                                    0x004038e6
                                    0x004038ee
                                    0x004038f6
                                    0x004038f8
                                    0x004038fa
                                    0x00403903
                                    0x00403906
                                    0x0040390c
                                    0x0040390c
                                    0x00403912
                                    0x0040392b
                                    0x0040393c
                                    0x00000000
                                    0x00403941
                                    0x004038a9
                                    0x004038ab
                                    0x00000000
                                    0x00403816
                                    0x00403816
                                    0x0040381c
                                    0x00403826
                                    0x0040382e
                                    0x00403838
                                    0x0040383e
                                    0x0040384c
                                    0x0040396e
                                    0x0040396e
                                    0x00000000
                                    0x0040396e
                                    0x00403852
                                    0x0040385b
                                    0x0040389a
                                    0x00000000
                                    0x0040389a
                                    0x00403754
                                    0x00403754
                                    0x00403759
                                    0x00000000
                                    0x00000000
                                    0x0040375e
                                    0x00403763
                                    0x00403773
                                    0x00403778
                                    0x0040377f
                                    0x00000000
                                    0x00000000
                                    0x00403783
                                    0x00403785
                                    0x00403792
                                    0x00403792
                                    0x0040379a
                                    0x004037a0
                                    0x004037c8
                                    0x004037d0
                                    0x00000000
                                    0x004037b2
                                    0x004037b3
                                    0x004037bc
                                    0x004037c2
                                    0x004037c3
                                    0x00000000
                                    0x004037c3
                                    0x004037be
                                    0x004037c0
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004037c0
                                    0x004037a0

                                    APIs
                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                      • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                    • lstrcatA.KERNEL32(1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403720
                                    • lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000,00000006,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install), ref: 00403795
                                    • lstrcmpiA.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,1033,004204A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004204A0,00000000), ref: 004037A8
                                    • GetFileAttributesA.KERNEL32(Remove folder: ), ref: 004037B3
                                    • LoadImageA.USER32 ref: 004037FC
                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                    • RegisterClassA.USER32 ref: 00403843
                                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 0040385B
                                    • CreateWindowExA.USER32 ref: 00403894
                                    • ShowWindow.USER32(00000005,00000000), ref: 004038CA
                                    • LoadLibraryA.KERNELBASE(RichEd20), ref: 004038DB
                                    • LoadLibraryA.KERNEL32(RichEd32), ref: 004038E6
                                    • GetClassInfoA.USER32 ref: 004038F6
                                    • GetClassInfoA.USER32 ref: 00403903
                                    • RegisterClassA.USER32 ref: 0040390C
                                    • DialogBoxParamA.USER32 ref: 0040392B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install$(g$.DEFAULT\Control Panel\International$.exe$1033$@6B$C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                    • API String ID: 914957316-2530801914
                                    • Opcode ID: dc3df647b14f5edb08e6c188d40f6c0d49eeeb874b61cd36a31c0d602ee76b1b
                                    • Instruction ID: 5edcd83abe1923a5ef33726047749e404321c8c293ca1ea02831498dc8d0bb6f
                                    • Opcode Fuzzy Hash: dc3df647b14f5edb08e6c188d40f6c0d49eeeb874b61cd36a31c0d602ee76b1b
                                    • Instruction Fuzzy Hash: A961A3B16442007FD720AF659D45E2B3AADEB4475AF40457FF940B22E1D77CAD01CA2E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404060, Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 204windowstringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 332 404060-404070 333 404183-404196 332->333 334 404076-40407e 332->334 335 4041f2-4041f6 333->335 336 404198-4041a1 333->336 337 404080-40408f 334->337 338 404091-404129 call 403f18 * 2 CheckDlgButton call 403f3a GetDlgItem call 403f4d SendMessageA 334->338 339 4042c6-4042cd 335->339 340 4041fc-404210 GetDlgItem 335->340 341 4042d5 336->341 342 4041a7-4041af 336->342 337->338 370 404134-40417e SendMessageA * 2 lstrlenA SendMessageA * 2 338->370 371 40412b-40412e GetSysColor 338->371 339->341 347 4042cf 339->347 344 404212-404219 340->344 345 404284-40428b 340->345 348 4042d8-4042df call 403f7f 341->348 342->341 346 4041b5-4041c1 342->346 344->345 350 40421b-404236 344->350 345->348 351 40428d-404294 345->351 346->341 352 4041c7-4041ed GetDlgItem SendMessageA call 403f3a call 4042eb 346->352 347->341 355 4042e4-4042e8 348->355 350->345 357 404238-404281 SendMessageA LoadCursorA SetCursor ShellExecuteA LoadCursorA SetCursor 350->357 351->348 358 404296-40429a 351->358 352->335 357->345 361 40429c-4042ab SendMessageA 358->361 362 4042ad-4042b1 358->362 361->362 365 4042c1-4042c4 362->365 366 4042b3-4042bf SendMessageA 362->366 365->355 366->365 370->355 371->370
                                    C-Code - Quality: 93%
                                    			E00404060(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t103;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x420480 =  *0x420480 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403F7F(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x422e40;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								_t40 =  &_v8; // 0x422e40
								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x423ea8, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x423ea8, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x420480 != 0) {
						goto L25;
					} else {
						_t103 =  *0x41fc70; // 0x67717c
						_t25 = _t103 + 0x14; // 0x677190
						_t112 = _t25;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403F3A(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E004042EB();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42367c; // 0x68c42a
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x423ed8; // 0x67e228
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E0040402C;
				E00403F18(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403F18(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403F3A( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403F4D(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x423eb0; // 0x676fd0
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x41f464 =  *0x41f464 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16); // executed
				 *0x420480 =  *0x420480 & 0x00000000;
				return 0;
			}





















                                    0x00404070
                                    0x00404196
                                    0x004041f2
                                    0x004041f6
                                    0x004042cd
                                    0x004042cf
                                    0x004042cf
                                    0x004042d5
                                    0x004042d5
                                    0x004042d8
                                    0x00000000
                                    0x004042df
                                    0x00404204
                                    0x00404206
                                    0x00404210
                                    0x0040421b
                                    0x0040421e
                                    0x00404221
                                    0x0040422c
                                    0x0040422f
                                    0x00404236
                                    0x00404244
                                    0x0040425c
                                    0x00404264
                                    0x0040426f
                                    0x0040427f
                                    0x00404281
                                    0x00404281
                                    0x00404236
                                    0x0040428b
                                    0x00000000
                                    0x00404296
                                    0x0040429a
                                    0x004042ab
                                    0x004042ab
                                    0x004042b1
                                    0x004042bf
                                    0x004042bf
                                    0x00000000
                                    0x004042c3
                                    0x0040428b
                                    0x004041a1
                                    0x00000000
                                    0x004041b5
                                    0x004041b5
                                    0x004041bb
                                    0x004041bb
                                    0x004041c1
                                    0x00000000
                                    0x00000000
                                    0x004041e6
                                    0x004041e8
                                    0x004041ed
                                    0x00000000
                                    0x004041ed
                                    0x004041a1
                                    0x00404076
                                    0x00404079
                                    0x0040407e
                                    0x00404080
                                    0x0040408f
                                    0x0040408f
                                    0x00404091
                                    0x00404096
                                    0x00404099
                                    0x0040409b
                                    0x004040a0
                                    0x004040a9
                                    0x004040af
                                    0x004040bb
                                    0x004040be
                                    0x004040c7
                                    0x004040cc
                                    0x004040cf
                                    0x004040d4
                                    0x004040eb
                                    0x004040f2
                                    0x00404105
                                    0x00404108
                                    0x0040411d
                                    0x0040411f
                                    0x00404124
                                    0x00404129
                                    0x0040412e
                                    0x0040412e
                                    0x0040413d
                                    0x0040414c
                                    0x0040414e
                                    0x00404164
                                    0x00404173
                                    0x00404175
                                    0x00000000

                                    APIs
                                    • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040EB
                                    • GetDlgItem.USER32 ref: 004040FF
                                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040411D
                                    • GetSysColor.USER32(?), ref: 0040412E
                                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040413D
                                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040414C
                                    • lstrlenA.KERNEL32(?), ref: 00404156
                                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404164
                                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404173
                                    • GetDlgItem.USER32 ref: 004041D6
                                    • SendMessageA.USER32(00000000), ref: 004041D9
                                    • GetDlgItem.USER32 ref: 00404204
                                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404244
                                    • LoadCursorA.USER32 ref: 00404253
                                    • SetCursor.USER32(00000000), ref: 0040425C
                                    • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040426F
                                    • LoadCursorA.USER32 ref: 0040427C
                                    • SetCursor.USER32(00000000), ref: 0040427F
                                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 004042AB
                                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 004042BF
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                    • String ID: (g$@.B$N$open$|qg
                                    • API String ID: 3615053054-4148372479
                                    • Opcode ID: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                    • Instruction ID: 7761d7a6ce13443680711406d70bf9c6d022160e69bfd2fffc9b265f6460a43d
                                    • Opcode Fuzzy Hash: e8b988e3949f0b6d91b1b58256fef292242953983a672fd1ea6cb44b2e1e2ed0
                                    • Instruction Fuzzy Hash: 4661B2B1A40209BFEB109F60DC45F6A3B69FB44755F10817AFB04BA2D1C7B8A951CF98
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402C72, Relevance: 31.7, APIs: 5, Strings: 13, Instructions: 203memoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 372 402c72-402cc0 GetTickCount GetModuleFileNameA call 40583d 375 402cc2-402cc7 372->375 376 402ccc-402cfa call 405b66 call 4056a0 call 405b66 GetFileSize 372->376 377 402f11-402f15 375->377 384 402d00-402d17 376->384 385 402dea-402df8 call 402bd3 376->385 386 402d19 384->386 387 402d1b-402d21 call 4031bf 384->387 392 402ec9-402ece 385->392 393 402dfe-402e01 385->393 386->387 391 402d26-402d28 387->391 394 402e85-402e8d call 402bd3 391->394 395 402d2e-402d34 391->395 392->377 396 402e03-402e14 call 4031f1 call 4031bf 393->396 397 402e2d-402e79 GlobalAlloc call 405f62 call 40586c CreateFileA 393->397 394->392 399 402db4-402db8 395->399 400 402d36-402d4e call 4057fe 395->400 415 402e19-402e1b 396->415 423 402e7b-402e80 397->423 424 402e8f-402ebf call 4031f1 call 402f18 397->424 404 402dc1-402dc7 399->404 405 402dba-402dc0 call 402bd3 399->405 400->404 418 402d50-402d57 400->418 411 402dc9-402dd7 call 405ef4 404->411 412 402dda-402de4 404->412 405->404 411->412 412->384 412->385 415->392 420 402e21-402e27 415->420 418->404 422 402d59-402d60 418->422 420->392 420->397 422->404 425 402d62-402d69 422->425 423->377 431 402ec4-402ec7 424->431 425->404 428 402d6b-402d72 425->428 428->404 430 402d74-402d94 428->430 430->392 432 402d9a-402d9e 430->432 431->392 433 402ed0-402ee1 431->433 434 402da0-402da4 432->434 435 402da6-402dae 432->435 437 402ee3 433->437 438 402ee9-402eee 433->438 434->385 434->435 435->404 436 402db0-402db2 435->436 436->404 437->438 439 402eef-402ef5 438->439 439->439 440 402ef7-402f0f call 4057fe 439->440 440->377
                                    C-Code - Quality: 96%
                                    			E00402C72(void* __eflags, signed int _a4) {
				long _v8;
				long _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				char _v300;
				signed int _t54;
				void* _t57;
				void* _t62;
				signed int _t63;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				intOrPtr _t71;
				signed int _t77;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				signed int _t89;
				intOrPtr _t92;
				signed int _t101;
				signed int _t103;
				void* _t105;
				signed int _t106;
				signed int _t109;
				void* _t110;

				_v8 = 0;
				_v12 = 0;
				 *0x423eac = GetTickCount() + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe", 0x400);
				_t105 = E0040583D("C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe", 0x80000000, 3);
				 *0x409014 = _t105;
				if(_t105 == 0xffffffff) {
					return "Error launching installer";
				}
				E00405B66("C:\\Users\\jones\\Desktop", "C:\\Users\\jones\\Desktop\\CL-Eye-Driver-5.3.0.0341-Emuline.exe");
				E00405B66("CL-Eye-Driver-5.3.0.0341-Emuline.exe", E004056A0("C:\\Users\\jones\\Desktop"));
				_t54 = GetFileSize(_t105, 0);
				__eflags = _t54;
				 *0x41f050 = _t54;
				_t109 = _t54;
				if(_t54 <= 0) {
					L22:
					E00402BD3(1);
					__eflags =  *0x423eb4; // 0xea00
					if(__eflags == 0) {
						goto L30;
					}
					__eflags = _v12;
					if(_v12 == 0) {
						L26:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t110 = _t57;
						E00405F62(0x40afb8);
						E0040586C( &_v300, "C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileA( &_v300, 0xc0000000, 0, 0, 2, 0x4000100, 0); // executed
						__eflags = _t62 - 0xffffffff;
						 *0x409018 = _t62;
						if(_t62 != 0xffffffff) {
							_t63 =  *0x423eb4; // 0xea00
							_t65 = E004031F1(_t63 + 0x1c);
							 *0x41f054 = _t65;
							 *0x417048 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00402F18(_v16, 0xffffffff, 0, _t110, _v20); // executed
							__eflags = _t68 - _v20;
							if(_t68 == _v20) {
								__eflags = _v40 & 0x00000001;
								 *0x423eb0 = _t110;
								 *0x423eb8 =  *_t110;
								if((_v40 & 0x00000001) != 0) {
									 *0x423ebc =  *0x423ebc + 1;
									__eflags =  *0x423ebc;
								}
								_t45 = _t110 + 0x44; // 0x44
								_t70 = _t45;
								_t101 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t110;
									_t101 = _t101 - 1;
									__eflags = _t101;
								} while (_t101 != 0);
								_t71 =  *0x417044; // 0x653b35
								 *((intOrPtr*)(_t110 + 0x3c)) = _t71;
								E004057FE(0x423ec0, _t110 + 4, 0x40);
								__eflags = 0;
								return 0;
							}
							goto L30;
						}
						return "Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004031F1( *0x417040);
					_t77 = E004031BF( &_a4, 4); // executed
					__eflags = _t77;
					if(_t77 == 0) {
						goto L30;
					}
					__eflags = _v8 - _a4;
					if(_v8 != _a4) {
						goto L30;
					}
					goto L26;
				} else {
					do {
						_t79 =  *0x423eb4; // 0xea00
						_t106 = _t109;
						asm("sbb eax, eax");
						_t82 = ( ~_t79 & 0x00007e00) + 0x200;
						__eflags = _t109 - _t82;
						if(_t109 >= _t82) {
							_t106 = _t82;
						}
						_t83 = E004031BF(0x417050, _t106); // executed
						__eflags = _t83;
						if(_t83 == 0) {
							E00402BD3(1);
							L30:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x423eb4; // 0xea00
						if(__eflags != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BD3(0);
							}
							goto L19;
						}
						E004057FE( &_v40, 0x417050, 0x1c);
						_t89 = _v40;
						__eflags = _t89 & 0xfffffff0;
						if((_t89 & 0xfffffff0) != 0) {
							goto L19;
						}
						__eflags = _v36 - 0xdeadbeef;
						if(_v36 != 0xdeadbeef) {
							goto L19;
						}
						__eflags = _v24 - 0x74736e49;
						if(_v24 != 0x74736e49) {
							goto L19;
						}
						__eflags = _v28 - 0x74666f73;
						if(_v28 != 0x74666f73) {
							goto L19;
						}
						__eflags = _v32 - 0x6c6c754e;
						if(_v32 != 0x6c6c754e) {
							goto L19;
						}
						_a4 = _a4 | _t89;
						_t103 =  *0x417040; // 0x2f569
						 *0x423f40 =  *0x423f40 | _a4 & 0x00000002;
						_t92 = _v16;
						__eflags = _t92 - _t109;
						 *0x423eb4 = _t103;
						if(_t92 > _t109) {
							goto L30;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L15:
							_v12 = _v12 + 1;
							_t109 = _t92 - 4;
							__eflags = _t106 - _t109;
							if(_t106 > _t109) {
								_t106 = _t109;
							}
							goto L19;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							goto L22;
						}
						goto L15;
						L19:
						__eflags = _t109 -  *0x41f050; // 0x2fc52
						if(__eflags < 0) {
							_v8 = E00405EF4(_v8, 0x417050, _t106);
						}
						 *0x417040 =  *0x417040 + _t106;
						_t109 = _t109 - _t106;
						__eflags = _t109;
					} while (_t109 > 0);
					goto L22;
				}
			}

































                                    0x00402c80
                                    0x00402c83
                                    0x00402c9d
                                    0x00402ca2
                                    0x00402cb5
                                    0x00402cba
                                    0x00402cc0
                                    0x00000000
                                    0x00402cc2
                                    0x00402cd3
                                    0x00402ce4
                                    0x00402ceb
                                    0x00402cf1
                                    0x00402cf3
                                    0x00402cf8
                                    0x00402cfa
                                    0x00402dea
                                    0x00402dec
                                    0x00402df1
                                    0x00402df8
                                    0x00000000
                                    0x00000000
                                    0x00402dfe
                                    0x00402e01
                                    0x00402e2d
                                    0x00402e32
                                    0x00402e3d
                                    0x00402e3f
                                    0x00402e50
                                    0x00402e6b
                                    0x00402e71
                                    0x00402e74
                                    0x00402e79
                                    0x00402e8f
                                    0x00402e98
                                    0x00402ea8
                                    0x00402eba
                                    0x00402ebf
                                    0x00402ec4
                                    0x00402ec7
                                    0x00402ed0
                                    0x00402ed4
                                    0x00402edc
                                    0x00402ee1
                                    0x00402ee3
                                    0x00402ee3
                                    0x00402ee3
                                    0x00402eeb
                                    0x00402eeb
                                    0x00402eee
                                    0x00402eef
                                    0x00402eef
                                    0x00402ef2
                                    0x00402ef4
                                    0x00402ef4
                                    0x00402ef4
                                    0x00402ef7
                                    0x00402efe
                                    0x00402f0a
                                    0x00402f0f
                                    0x00000000
                                    0x00402f0f
                                    0x00000000
                                    0x00402ec7
                                    0x00000000
                                    0x00402e7b
                                    0x00402e09
                                    0x00402e14
                                    0x00402e19
                                    0x00402e1b
                                    0x00000000
                                    0x00000000
                                    0x00402e24
                                    0x00402e27
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402d00
                                    0x00402d00
                                    0x00402d00
                                    0x00402d05
                                    0x00402d09
                                    0x00402d10
                                    0x00402d15
                                    0x00402d17
                                    0x00402d19
                                    0x00402d19
                                    0x00402d21
                                    0x00402d26
                                    0x00402d28
                                    0x00402e87
                                    0x00402ec9
                                    0x00000000
                                    0x00402ec9
                                    0x00402d2e
                                    0x00402d34
                                    0x00402db4
                                    0x00402db8
                                    0x00402dbb
                                    0x00402dc0
                                    0x00000000
                                    0x00402db8
                                    0x00402d41
                                    0x00402d46
                                    0x00402d49
                                    0x00402d4e
                                    0x00000000
                                    0x00000000
                                    0x00402d50
                                    0x00402d57
                                    0x00000000
                                    0x00000000
                                    0x00402d59
                                    0x00402d60
                                    0x00000000
                                    0x00000000
                                    0x00402d62
                                    0x00402d69
                                    0x00000000
                                    0x00000000
                                    0x00402d6b
                                    0x00402d72
                                    0x00000000
                                    0x00000000
                                    0x00402d74
                                    0x00402d7a
                                    0x00402d83
                                    0x00402d89
                                    0x00402d8c
                                    0x00402d8e
                                    0x00402d94
                                    0x00000000
                                    0x00000000
                                    0x00402d9a
                                    0x00402d9e
                                    0x00402da6
                                    0x00402da6
                                    0x00402da9
                                    0x00402dac
                                    0x00402dae
                                    0x00402db0
                                    0x00402db0
                                    0x00000000
                                    0x00402dae
                                    0x00402da0
                                    0x00402da4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402dc1
                                    0x00402dc1
                                    0x00402dc7
                                    0x00402dd7
                                    0x00402dd7
                                    0x00402dda
                                    0x00402de0
                                    0x00402de2
                                    0x00402de2
                                    0x00000000
                                    0x00402d00

                                    APIs
                                    • GetTickCount.KERNEL32 ref: 00402C86
                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,00000400), ref: 00402CA2
                                      • Part of subcall function 0040583D: GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 00405841
                                      • Part of subcall function 0040583D: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                    • GetFileSize.KERNEL32(00000000,00000000,CL-Eye-Driver-5.3.0.0341-Emuline.exe,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 00402CEB
                                    • GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E32
                                    Strings
                                    • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E7B
                                    • C:\Users\user\Desktop, xrefs: 00402CCD, 00402CD2, 00402CD8
                                    • Null, xrefs: 00402D6B
                                    • 5;e, xrefs: 00402EF7
                                    • "qR, xrefs: 00402EBA
                                    • soft, xrefs: 00402D62
                                    • C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe, xrefs: 00402C8C, 00402C9B, 00402CAF, 00402CCC
                                    • Inst, xrefs: 00402D59
                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EC9
                                    • "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install, xrefs: 00402C7F
                                    • Error launching installer, xrefs: 00402CC2
                                    • CL-Eye-Driver-5.3.0.0341-Emuline.exe, xrefs: 00402CDF
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C72, 00402E4A
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install$"qR$5;e$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe$CL-Eye-Driver-5.3.0.0341-Emuline.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                    • API String ID: 2803837635-4001693342
                                    • Opcode ID: a9f02fa87dcfd966b73a569bd813c187ceb7b56ac983ed574234296b30cca538
                                    • Instruction ID: 0b72a330c31c6d4d52753dad6a5c3012229d4666e6dae103a7747cbc92612fb8
                                    • Opcode Fuzzy Hash: a9f02fa87dcfd966b73a569bd813c187ceb7b56ac983ed574234296b30cca538
                                    • Instruction Fuzzy Hash: B761E231A40215ABDB20DF64DE49B9E7BB4EB04315F20407BF904B62D2D7BC9E458B9C
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405B88, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 197stringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 443 405b88-405b93 444 405b95-405ba4 443->444 445 405ba6-405bc3 443->445 444->445 446 405da5-405da9 445->446 447 405bc9-405bd0 445->447 448 405bd5-405bdf 446->448 449 405daf-405db9 446->449 447->446 448->449 452 405be5-405bec 448->452 450 405dc4-405dc5 449->450 451 405dbb-405dbf call 405b66 449->451 451->450 453 405bf2-405c27 452->453 454 405d98 452->454 456 405d42-405d45 453->456 457 405c2d-405c38 GetVersion 453->457 458 405da2-405da4 454->458 459 405d9a-405da0 454->459 462 405d75-405d78 456->462 463 405d47-405d4a 456->463 460 405c52 457->460 461 405c3a-405c3e 457->461 458->446 459->446 467 405c59-405c60 460->467 461->460 464 405c40-405c44 461->464 468 405d86-405d96 lstrlenA 462->468 469 405d7a-405d81 call 405b88 462->469 465 405d5a-405d66 call 405b66 463->465 466 405d4c-405d58 call 405ac4 463->466 464->460 470 405c46-405c4a 464->470 480 405d6b-405d71 465->480 466->480 472 405c62-405c64 467->472 473 405c65-405c67 467->473 468->446 469->468 470->460 476 405c4c-405c50 470->476 472->473 478 405ca0-405ca3 473->478 479 405c69-405c84 call 405a4d 473->479 476->467 481 405cb3-405cb6 478->481 482 405ca5-405cb1 GetSystemDirectoryA 478->482 488 405c89-405c8c 479->488 480->468 484 405d73 480->484 486 405d20-405d22 481->486 487 405cb8-405cc6 GetWindowsDirectoryA 481->487 485 405d24-405d27 482->485 489 405d3a-405d40 call 405dc8 484->489 485->489 493 405d29-405d2d 485->493 486->485 491 405cc8-405cd2 486->491 487->486 492 405c92-405c9b call 405b88 488->492 488->493 489->468 495 405cd4-405cd7 491->495 496 405cec-405d02 SHGetSpecialFolderLocation 491->496 492->485 493->489 498 405d2f-405d35 lstrcatA 493->498 495->496 499 405cd9-405ce0 495->499 500 405d04-405d1b SHGetPathFromIDListA CoTaskMemFree 496->500 501 405d1d 496->501 498->489 503 405ce8-405cea 499->503 500->485 500->501 501->486 503->485 503->496
                                    C-Code - Quality: 74%
                                    			E00405B88(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42367c; // 0x68c42a
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x423ed8; // 0x67e228
				_t74 = _t73 + _t36;
				_t37 = 0x422e40;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x422e40;
				if(_a4 - 0x422e40 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405B88(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x422e40;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x424000;
							E00405B66(_t86, (_t95 << 0xa) + 0x424000);
						} else {
							E00405AC4(_t86,  *0x423ea8);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405DC8(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x423f24;
						if( *0x423f24 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x423ea4; // 0x73951340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x423ea8,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86); // executed
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x423ed8;
							E00405A4D(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423ed8, _t86, _t69 & 0x00000040); // executed
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405B88(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405B66(_a4, _t37);
			}






























                                    0x00405b88
                                    0x00405b88
                                    0x00405b88
                                    0x00405b8e
                                    0x00405b93
                                    0x00405b95
                                    0x00405ba4
                                    0x00405ba4
                                    0x00405ba6
                                    0x00405baf
                                    0x00405bb1
                                    0x00405bb6
                                    0x00405bb9
                                    0x00405bba
                                    0x00405bc1
                                    0x00405bc3
                                    0x00405bc9
                                    0x00405bcc
                                    0x00405bcc
                                    0x00405da5
                                    0x00405da5
                                    0x00405da9
                                    0x00000000
                                    0x00000000
                                    0x00405bd9
                                    0x00405bdf
                                    0x00000000
                                    0x00000000
                                    0x00405be5
                                    0x00405be6
                                    0x00405be9
                                    0x00405bec
                                    0x00405d98
                                    0x00405da2
                                    0x00405da4
                                    0x00405da4
                                    0x00405d9a
                                    0x00405d9c
                                    0x00405d9e
                                    0x00405d9f
                                    0x00405d9f
                                    0x00000000
                                    0x00405d98
                                    0x00405bf2
                                    0x00405bf6
                                    0x00405c06
                                    0x00405c0a
                                    0x00405c11
                                    0x00405c14
                                    0x00405c18
                                    0x00405c1e
                                    0x00405c21
                                    0x00405c24
                                    0x00405c27
                                    0x00405d42
                                    0x00405d45
                                    0x00405d75
                                    0x00405d78
                                    0x00405d7d
                                    0x00405d81
                                    0x00405d81
                                    0x00405d86
                                    0x00405d87
                                    0x00405d8c
                                    0x00405d8f
                                    0x00405d91
                                    0x00000000
                                    0x00405d91
                                    0x00405d47
                                    0x00405d4a
                                    0x00405d5f
                                    0x00405d66
                                    0x00405d4c
                                    0x00405d53
                                    0x00405d53
                                    0x00405d6e
                                    0x00405d71
                                    0x00405d3a
                                    0x00405d3b
                                    0x00405d3b
                                    0x00000000
                                    0x00405d71
                                    0x00405c2f
                                    0x00405c30
                                    0x00405c36
                                    0x00405c38
                                    0x00405c52
                                    0x00405c52
                                    0x00405c59
                                    0x00405c59
                                    0x00405c60
                                    0x00405c64
                                    0x00405c64
                                    0x00405c65
                                    0x00405c67
                                    0x00405ca0
                                    0x00405ca3
                                    0x00405cb3
                                    0x00405cb6
                                    0x00405cbe
                                    0x00405cc4
                                    0x00405cc4
                                    0x00405d20
                                    0x00405d20
                                    0x00405d22
                                    0x00000000
                                    0x00000000
                                    0x00405cc8
                                    0x00405ccf
                                    0x00405cd0
                                    0x00405cd2
                                    0x00405cec
                                    0x00405cfa
                                    0x00405d00
                                    0x00405d02
                                    0x00405d1d
                                    0x00405d1d
                                    0x00405d1d
                                    0x00000000
                                    0x00405d1d
                                    0x00405d08
                                    0x00405d13
                                    0x00405d19
                                    0x00405d1b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405d1b
                                    0x00405cd4
                                    0x00405cd7
                                    0x00000000
                                    0x00000000
                                    0x00405ce6
                                    0x00405ce8
                                    0x00405cea
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405cea
                                    0x00000000
                                    0x00405d20
                                    0x00405cab
                                    0x00000000
                                    0x00405c69
                                    0x00405c6e
                                    0x00405c84
                                    0x00405c89
                                    0x00405c8c
                                    0x00405d29
                                    0x00405d29
                                    0x00405d2d
                                    0x00405d35
                                    0x00405d35
                                    0x00000000
                                    0x00405d2d
                                    0x00405c96
                                    0x00405d24
                                    0x00405d24
                                    0x00405d27
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405d27
                                    0x00405c67
                                    0x00405c3a
                                    0x00405c3e
                                    0x00000000
                                    0x00000000
                                    0x00405c40
                                    0x00405c44
                                    0x00000000
                                    0x00000000
                                    0x00405c46
                                    0x00405c4a
                                    0x00000000
                                    0x00405c4c
                                    0x00405c4c
                                    0x00000000
                                    0x00405c4c
                                    0x00405c4a
                                    0x00405daf
                                    0x00405db9
                                    0x00405dc5
                                    0x00405dc5
                                    0x00000000

                                    APIs
                                    • GetVersion.KERNEL32(00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00404F3C,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000), ref: 00405C30
                                    • GetSystemDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405CAB
                                    • GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405CBE
                                    • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405CFA
                                    • SHGetPathFromIDListA.SHELL32(00000000,Remove folder: ), ref: 00405D08
                                    • CoTaskMemFree.OLE32(00000000), ref: 00405D13
                                    • lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D35
                                    • lstrlenA.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00404F3C,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000), ref: 00405D87
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                    • String ID: (g$Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                    • API String ID: 900638850-3126495154
                                    • Opcode ID: 9f661340fe254e8532a48fa09532479d6b1db0db37beb981e71fc3962c80c576
                                    • Instruction ID: 2bb53c71d9fe9ef1e56bc14ab20fd8486271744d1d3ead2cb2ad614034e11287
                                    • Opcode Fuzzy Hash: 9f661340fe254e8532a48fa09532479d6b1db0db37beb981e71fc3962c80c576
                                    • Instruction Fuzzy Hash: D7510131A04A04AAEF205F64DC88B7B3BA4DF55324F14823BE911B62D0D33C59829E4E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401734, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 573 401734-401757 call 4029f6 call 4056c6 578 401761-401773 call 405b66 call 405659 lstrcatA 573->578 579 401759-40175f call 405b66 573->579 585 401778-40177e call 405dc8 578->585 579->585 589 401783-401787 585->589 590 401789-401793 call 405e61 589->590 591 4017ba-4017bd 589->591 599 4017a5-4017b7 590->599 600 401795-4017a3 CompareFileTime 590->600 593 4017c5-4017e1 call 40583d 591->593 594 4017bf-4017c0 call 40581e 591->594 601 4017e3-4017e6 593->601 602 401859-401882 call 404f04 call 402f18 593->602 594->593 599->591 600->599 603 4017e8-40182a call 405b66 * 2 call 405b88 call 405b66 call 405427 601->603 604 40183b-401845 call 404f04 601->604 616 401884-401888 602->616 617 40188a-401896 SetFileTime 602->617 603->589 637 401830-401831 603->637 614 40184e-401854 604->614 618 402894 614->618 616->617 620 40189c-4018a7 FindCloseChangeNotification 616->620 617->620 621 402896-40289a 618->621 623 40288b-40288e 620->623 624 4018ad-4018b0 620->624 623->618 625 4018b2-4018c3 call 405b88 lstrcatA 624->625 626 4018c5-4018c8 call 405b88 624->626 632 4018cd-402213 call 405427 625->632 626->632 632->621 640 40265c-402663 632->640 637->614 638 401833-401834 637->638 638->604 640->623
                                    C-Code - Quality: 75%
                                    			E00401734(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E004029F6(0x31);
				 *(_t85 - 8) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x24) & 0x00000007;
				_t33 = E004056C6(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E00405659(E00405B66(0x409b70, "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver")), ??);
				} else {
					_push(0x409b70);
					E00405B66();
				}
				E00405DC8(0x409b70);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405E61(0x409b70);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x18);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040581E(0x409b70);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040583D(0x409b70, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 0x34) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404F04(0xffffffe2,  *(_t85 - 8));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x423f28;
						goto L32;
					} else {
						E00405B66(0x40a370, 0x424000);
						E00405B66(0x424000, 0x409b70);
						E00405B88(_t75, 0x40a370, 0x409b70, "C:\Users\jones\AppData\Local\Temp\nsz8F4D.tmp\System.dll",  *((intOrPtr*)(_t85 - 0x10)));
						E00405B66(0x424000, 0x40a370);
						_t62 = E00405427("C:\Users\jones\AppData\Local\Temp\nsz8F4D.tmp\System.dll",  *(_t85 - 0x24) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x423f28 =  &( *0x423f28->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409b70);
								_push(0xfffffffa);
								E00404F04();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404F04(0xffffffea,  *(_t85 - 8));
				 *0x423f54 =  *0x423f54 + 1;
				_t43 = E00402F18(_t77,  *((intOrPtr*)(_t85 - 0x1c)),  *(_t85 - 0x34), _t75, _t75); // executed
				 *0x423f54 =  *0x423f54 - 1;
				__eflags =  *(_t85 - 0x18) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x18) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 0x34), _t85 - 0x18, _t75, _t85 - 0x18); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x14)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x14)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 0x34)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffee);
					} else {
						E00405B88(_t75, _t80, 0x409b70, 0x409b70, 0xffffffe9);
						lstrcatA(0x409b70,  *(_t85 - 8));
					}
					_push(0x200010);
					_push(0x409b70);
					E00405427();
					goto L29;
				}
				goto L33;
			}
















                                    0x00401734
                                    0x0040173b
                                    0x00401744
                                    0x00401747
                                    0x0040174a
                                    0x0040174f
                                    0x00401757
                                    0x00401773
                                    0x00401759
                                    0x00401759
                                    0x0040175a
                                    0x0040175a
                                    0x00401779
                                    0x00401783
                                    0x00401783
                                    0x00401787
                                    0x0040178a
                                    0x0040178f
                                    0x00401791
                                    0x00401793
                                    0x00401798
                                    0x00401798
                                    0x004017a3
                                    0x004017a3
                                    0x004017b4
                                    0x004017b6
                                    0x004017b6
                                    0x004017b7
                                    0x004017b7
                                    0x004017ba
                                    0x004017bd
                                    0x004017c0
                                    0x004017c0
                                    0x004017c7
                                    0x004017d6
                                    0x004017db
                                    0x004017de
                                    0x004017e1
                                    0x00000000
                                    0x00000000
                                    0x004017e3
                                    0x004017e6
                                    0x00401840
                                    0x00401845
                                    0x004015a8
                                    0x0040265c
                                    0x0040265c
                                    0x0040288b
                                    0x0040288e
                                    0x0040288e
                                    0x00000000
                                    0x004017e8
                                    0x004017ee
                                    0x004017f9
                                    0x00401806
                                    0x00401811
                                    0x00401827
                                    0x00401827
                                    0x0040182a
                                    0x00000000
                                    0x00401830
                                    0x00401830
                                    0x00401831
                                    0x0040184e
                                    0x00402894
                                    0x00402894
                                    0x00402894
                                    0x00401833
                                    0x00401833
                                    0x00401834
                                    0x00401492
                                    0x0040220e
                                    0x0040220e
                                    0x0040220e
                                    0x00401831
                                    0x0040182a
                                    0x00402896
                                    0x0040289a
                                    0x0040289a
                                    0x0040185e
                                    0x00401863
                                    0x00401871
                                    0x00401876
                                    0x0040187c
                                    0x00401880
                                    0x00401882
                                    0x0040188a
                                    0x00401896
                                    0x00401884
                                    0x00401884
                                    0x00401888
                                    0x00000000
                                    0x00000000
                                    0x00401888
                                    0x0040189f
                                    0x004018a5
                                    0x004018a7
                                    0x00000000
                                    0x004018ad
                                    0x004018ad
                                    0x004018b0
                                    0x004018c8
                                    0x004018b2
                                    0x004018b5
                                    0x004018be
                                    0x004018be
                                    0x004018cd
                                    0x004018d2
                                    0x00402209
                                    0x00000000
                                    0x00402209
                                    0x00000000

                                    APIs
                                    • lstrcatA.KERNEL32(00000000,00000000,Call,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,00000000,00000000,00000031), ref: 00401773
                                    • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,00000000,00000000,00000031), ref: 0040179D
                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,CL-Eye Driver Setup,NSIS Error), ref: 00405B73
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00402C4A,00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000), ref: 00404F60
                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\), ref: 00404F72
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                    • String ID: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp$C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\System.dll$Call
                                    • API String ID: 1941528284-3461172290
                                    • Opcode ID: f8a6a444128ea722c5b0654b800be12f190068aadf11e0c26a2a13909132d046
                                    • Instruction ID: ca24b6133afb507e547736dc5ab02d451b7f1a2d30e0a517c5ad6537af4b780a
                                    • Opcode Fuzzy Hash: f8a6a444128ea722c5b0654b800be12f190068aadf11e0c26a2a13909132d046
                                    • Instruction Fuzzy Hash: 8441C131900515BBCB10BFB5DD46EAF3A79EF01369B24433BF511B11E1D63C9A418AAD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404F04, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 641 404f04-404f19 642 404fcf-404fd3 641->642 643 404f1f-404f31 641->643 644 404f33-404f37 call 405b88 643->644 645 404f3c-404f48 lstrlenA 643->645 644->645 647 404f65-404f69 645->647 648 404f4a-404f5a lstrlenA 645->648 650 404f78-404f7c 647->650 651 404f6b-404f72 SetWindowTextA 647->651 648->642 649 404f5c-404f60 lstrcatA 648->649 649->647 652 404fc2-404fc4 650->652 653 404f7e-404fc0 SendMessageA * 3 650->653 651->650 652->642 654 404fc6-404fc9 652->654 653->652 654->642
                                    C-Code - Quality: 100%
                                    			E00404F04(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x423684; // 0x5036a
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x423f54; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405B88(0, _t39, 0x41fc78, 0x41fc78, _a4);
					}
					_t26 = lstrlenA(0x41fc78);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x423668, 0x41fc78); // executed
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x41fc78;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0); // executed
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52); // executed
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0); // executed
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x41fc78)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x41fc78, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                    0x00404f0a
                                    0x00404f16
                                    0x00404f19
                                    0x00404f1f
                                    0x00404f2b
                                    0x00404f2e
                                    0x00404f31
                                    0x00404f37
                                    0x00404f37
                                    0x00404f3d
                                    0x00404f45
                                    0x00404f48
                                    0x00404f65
                                    0x00404f69
                                    0x00404f72
                                    0x00404f72
                                    0x00404f7c
                                    0x00404f85
                                    0x00404f91
                                    0x00404f98
                                    0x00404f9c
                                    0x00404f9f
                                    0x00404fb2
                                    0x00404fc0
                                    0x00404fc0
                                    0x00404fc4
                                    0x00404fc6
                                    0x00404fc9
                                    0x00000000
                                    0x00404fc9
                                    0x00404f4a
                                    0x00404f52
                                    0x00404f5a
                                    0x00404f60
                                    0x00000000
                                    0x00404f60
                                    0x00404f5a
                                    0x00404f48
                                    0x00404fd3

                                    APIs
                                    • lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                    • lstrlenA.KERNEL32(00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                    • lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00402C4A,00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000), ref: 00404F60
                                    • SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\), ref: 00404F72
                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                    • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\
                                    • API String ID: 2531174081-412040596
                                    • Opcode ID: 6f5438f81cf7a4cf278200178885afddebba4b3e10535ae1fdd8142835d36988
                                    • Instruction ID: 33d69ec58002f5e3cec48cf4aa7ac502a1da6879986bf9ca4026f821734cd723
                                    • Opcode Fuzzy Hash: 6f5438f81cf7a4cf278200178885afddebba4b3e10535ae1fdd8142835d36988
                                    • Instruction Fuzzy Hash: C4219D71A00108BBDF119FA5CD849DEBFB9EB49354F14807AFA04B6290C3389E45CBA8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402F18, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 109fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 655 402f18-402f27 656 402f45-402f50 call 403043 655->656 657 402f29-402f3f SetFilePointer 655->657 660 402f56-402f70 ReadFile 656->660 661 40303c-403040 656->661 657->656 662 402f76-402f79 660->662 663 403039 660->663 662->663 665 402f7f-402f92 call 403043 662->665 664 40303b 663->664 664->661 665->661 668 402f98-402f9b 665->668 669 403008-40300e 668->669 670 402f9d-402fa0 668->670 673 403010 669->673 674 403013-403026 ReadFile 669->674 671 403034-403037 670->671 672 402fa6 670->672 671->661 675 402fab-402fb3 672->675 673->674 674->663 676 403028-403031 674->676 677 402fb5 675->677 678 402fb8-402fca ReadFile 675->678 676->671 677->678 678->663 679 402fcc-402fcf 678->679 679->663 680 402fd1-402fe6 WriteFile 679->680 681 403004-403006 680->681 682 402fe8-402feb 680->682 681->664 682->681 683 402fed-403000 682->683 683->675 684 403002 683->684 684->671
                                    C-Code - Quality: 93%
                                    			E00402F18(void* __ecx, void _a4, void* _a8, void* _a12, long _a16) {
				long _v8;
				intOrPtr _v12;
				void _t31;
				intOrPtr _t32;
				int _t35;
				long _t36;
				int _t37;
				long _t38;
				int _t40;
				int _t42;
				long _t43;
				long _t44;
				intOrPtr _t51;
				long _t55;
				long _t57;

				_t31 = _a4;
				if(_t31 >= 0) {
					_t51 =  *0x423ef8; // 0x155aa
					_t44 = _t31 + _t51;
					 *0x417044 = _t44;
					SetFilePointer( *0x409018, _t44, 0, 0); // executed
				}
				_t57 = 4;
				_t32 = E00403043(_t57);
				if(_t32 >= 0) {
					_t35 = ReadFile( *0x409018,  &_a4, _t57,  &_v8, 0); // executed
					if(_t35 == 0 || _v8 != _t57) {
						L23:
						_push(0xfffffffd);
						goto L24;
					} else {
						 *0x417044 =  *0x417044 + _t57;
						_t32 = E00403043(_a4);
						_v12 = _t32;
						if(_t32 >= 0) {
							if(_a12 != 0) {
								_t36 = _a4;
								if(_t36 >= _a16) {
									_t36 = _a16;
								}
								_t37 = ReadFile( *0x409018, _a12, _t36,  &_v8, 0); // executed
								if(_t37 == 0) {
									goto L23;
								} else {
									_t38 = _v8;
									 *0x417044 =  *0x417044 + _t38;
									_v12 = _t38;
									goto L22;
								}
							} else {
								if(_a4 <= 0) {
									L22:
									_t32 = _v12;
								} else {
									while(1) {
										_t55 = 0x4000;
										if(_a4 < 0x4000) {
											_t55 = _a4;
										}
										_t40 = ReadFile( *0x409018, 0x413040, _t55,  &_v8, 0); // executed
										if(_t40 == 0 || _t55 != _v8) {
											goto L23;
										}
										_t42 = WriteFile(_a8, 0x413040, _v8,  &_a16, 0); // executed
										if(_t42 == 0 || _a16 != _t55) {
											_push(0xfffffffe);
											L24:
											_pop(_t32);
										} else {
											_t43 = _v8;
											_v12 = _v12 + _t43;
											_a4 = _a4 - _t43;
											 *0x417044 =  *0x417044 + _t43;
											if(_a4 > 0) {
												continue;
											} else {
												goto L22;
											}
										}
										goto L25;
									}
									goto L23;
								}
							}
						}
					}
				}
				L25:
				return _t32;
			}


















                                    0x00402f1d
                                    0x00402f27
                                    0x00402f29
                                    0x00402f30
                                    0x00402f34
                                    0x00402f3f
                                    0x00402f3f
                                    0x00402f47
                                    0x00402f49
                                    0x00402f50
                                    0x00402f6c
                                    0x00402f70
                                    0x00403039
                                    0x00403039
                                    0x00000000
                                    0x00402f7f
                                    0x00402f82
                                    0x00402f88
                                    0x00402f8f
                                    0x00402f92
                                    0x00402f9b
                                    0x00403008
                                    0x0040300e
                                    0x00403010
                                    0x00403010
                                    0x00403022
                                    0x00403026
                                    0x00000000
                                    0x00403028
                                    0x00403028
                                    0x0040302b
                                    0x00403031
                                    0x00000000
                                    0x00403031
                                    0x00402f9d
                                    0x00402fa0
                                    0x00403034
                                    0x00403034
                                    0x00402fa6
                                    0x00402fab
                                    0x00402fab
                                    0x00402fb3
                                    0x00402fb5
                                    0x00402fb5
                                    0x00402fc6
                                    0x00402fca
                                    0x00000000
                                    0x00000000
                                    0x00402fde
                                    0x00402fe6
                                    0x00403004
                                    0x0040303b
                                    0x0040303b
                                    0x00402fed
                                    0x00402fed
                                    0x00402ff0
                                    0x00402ff3
                                    0x00402ff6
                                    0x00403000
                                    0x00000000
                                    0x00403002
                                    0x00000000
                                    0x00403002
                                    0x00403000
                                    0x00000000
                                    0x00402fe6
                                    0x00000000
                                    0x00402fab
                                    0x00402fa0
                                    0x00402f9b
                                    0x00402f92
                                    0x00402f70
                                    0x0040303c
                                    0x00403040

                                    APIs
                                    • SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130,0000E9E4), ref: 00402F3F
                                    • ReadFile.KERNELBASE(00409130,00000004,0000E9E4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000,00000000,00409130), ref: 00402F6C
                                    • ReadFile.KERNELBASE(00413040,00004000,0000E9E4,00000000,00409130,?,00402EC4,000000FF,00000000,00000000,00409130,0000E9E4), ref: 00402FC6
                                    • WriteFile.KERNELBASE(00000000,00413040,0000E9E4,000000FF,00000000,?,00402EC4,000000FF,00000000,00000000,00409130,0000E9E4), ref: 00402FDE
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$Read$PointerWrite
                                    • String ID: 5;e$@0A
                                    • API String ID: 2113905535-3641682052
                                    • Opcode ID: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                    • Instruction ID: f0f891dec1baa82fcb152a6e3a42d02399587e043c2e4755ce28507b82245ee9
                                    • Opcode Fuzzy Hash: 3fc20a6f8204afd4db5be5275d6ec1a2b538eb21de19a3adc5be7867336c551b
                                    • Instruction Fuzzy Hash: 3F315731501249EBDB21CF55DD40A9E7FBCEB843A5F20407AFA05A6190D3789F81DBA9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403043, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 108fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 685 403043-40306c GetTickCount 686 403072-40309d call 4031f1 SetFilePointer 685->686 687 4031ad-4031b5 call 402bd3 685->687 693 4030a2-4030b4 686->693 692 4031b7-4031bc 687->692 694 4030b6 693->694 695 4030b8-4030c6 call 4031bf 693->695 694->695 698 4030cc-4030d8 695->698 699 40319f-4031a2 695->699 700 4030de-4030e4 698->700 699->692 701 4030e6-4030ec 700->701 702 40310f-40312b call 405f82 700->702 701->702 704 4030ee-40310e call 402bd3 701->704 708 4031a8 702->708 709 40312d-403135 702->709 704->702 710 4031aa-4031ab 708->710 711 403137-40314d WriteFile 709->711 712 403169-40316f 709->712 710->692 713 4031a4-4031a6 711->713 714 40314f-403153 711->714 712->708 715 403171-403173 712->715 713->710 714->713 716 403155-403161 714->716 715->708 717 403175-403188 715->717 716->700 718 403167 716->718 717->693 719 40318e-40319d SetFilePointer 717->719 718->717 719->687
                                    C-Code - Quality: 94%
                                    			E00403043(intOrPtr _a4) {
				long _v4;
				void* __ecx;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t16;
				void* _t17;
				long _t18;
				int _t21;
				intOrPtr _t22;
				intOrPtr _t34;
				long _t35;
				intOrPtr _t37;
				void* _t39;
				long _t40;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t53;

				_t35 =  *0x417044; // 0x653b35
				_t37 = _t35 -  *0x40afb0 + _a4;
				 *0x423eac = GetTickCount() + 0x1f4;
				if(_t37 <= 0) {
					L23:
					E00402BD3(1);
					return 0;
				}
				E004031F1( *0x41f054);
				SetFilePointer( *0x409018,  *0x40afb0, 0, 0); // executed
				 *0x41f050 = _t37;
				 *0x417040 = 0;
				while(1) {
					L2:
					_t12 =  *0x417048; // 0x527122
					_t34 = 0x4000;
					_t13 = _t12 -  *0x41f054;
					if(_t13 <= 0x4000) {
						_t34 = _t13;
					}
					_t14 = E004031BF(0x413040, _t34); // executed
					if(_t14 == 0) {
						break;
					}
					 *0x41f054 =  *0x41f054 + _t34;
					 *0x40afd0 = 0x413040;
					 *0x40afd4 = _t34;
					while(1) {
						_t46 =  *0x423eb0; // 0x676fd0
						if(_t46 != 0) {
							_t47 =  *0x423f40; // 0x0
							if(_t47 == 0) {
								_t22 =  *0x41f050; // 0x2fc52
								 *0x417040 = _t22 -  *0x417044 - _a4 +  *0x40afb0;
								E00402BD3(0);
							}
						}
						 *0x40afd8 = 0x40b040;
						 *0x40afdc = 0x8000; // executed
						_t16 = E00405F82(0x40afb8); // executed
						if(_t16 < 0) {
							break;
						}
						_t39 =  *0x40afd8; // 0x40b729
						_t40 = _t39 - 0x40b040;
						if(_t40 == 0) {
							__eflags =  *0x40afd4; // 0x0
							if(__eflags != 0) {
								break;
							}
							__eflags = _t34;
							if(_t34 == 0) {
								break;
							}
							L17:
							_t18 =  *0x417044; // 0x653b35
							if(_t18 -  *0x40afb0 + _a4 > 0) {
								goto L2;
							}
							SetFilePointer( *0x409018, _t18, 0, 0); // executed
							goto L23;
						}
						_t21 = WriteFile( *0x409018, 0x40b040, _t40,  &_v4, 0); // executed
						if(_t21 == 0 || _t40 != _v4) {
							_push(0xfffffffe);
							L22:
							_pop(_t17);
							return _t17;
						} else {
							 *0x40afb0 =  *0x40afb0 + _t40;
							_t53 =  *0x40afd4; // 0x0
							if(_t53 != 0) {
								continue;
							}
							goto L17;
						}
					}
					_push(0xfffffffd);
					goto L22;
				}
				return _t14 | 0xffffffff;
			}





















                                    0x00403047
                                    0x00403054
                                    0x00403067
                                    0x0040306c
                                    0x004031ad
                                    0x004031af
                                    0x00000000
                                    0x004031b5
                                    0x00403078
                                    0x0040308b
                                    0x00403091
                                    0x00403097
                                    0x004030a2
                                    0x004030a2
                                    0x004030a2
                                    0x004030a7
                                    0x004030ac
                                    0x004030b4
                                    0x004030b6
                                    0x004030b6
                                    0x004030bf
                                    0x004030c6
                                    0x00000000
                                    0x00000000
                                    0x004030cc
                                    0x004030d2
                                    0x004030d8
                                    0x004030de
                                    0x004030de
                                    0x004030e4
                                    0x004030e6
                                    0x004030ec
                                    0x004030ee
                                    0x00403104
                                    0x00403109
                                    0x0040310e
                                    0x004030ec
                                    0x00403114
                                    0x0040311a
                                    0x00403124
                                    0x0040312b
                                    0x00000000
                                    0x00000000
                                    0x0040312d
                                    0x00403133
                                    0x00403135
                                    0x00403169
                                    0x0040316f
                                    0x00000000
                                    0x00000000
                                    0x00403171
                                    0x00403173
                                    0x00000000
                                    0x00000000
                                    0x00403175
                                    0x00403175
                                    0x00403188
                                    0x00000000
                                    0x00000000
                                    0x00403197
                                    0x00000000
                                    0x00403197
                                    0x00403145
                                    0x0040314d
                                    0x004031a4
                                    0x004031aa
                                    0x004031aa
                                    0x00000000
                                    0x00403155
                                    0x00403155
                                    0x0040315b
                                    0x00403161
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00403167
                                    0x0040314d
                                    0x004031a8
                                    0x00000000
                                    0x004031a8
                                    0x00000000

                                    APIs
                                    • GetTickCount.KERNEL32 ref: 00403058
                                      • Part of subcall function 004031F1: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,0000E9E4), ref: 004031FF
                                    • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?,?,00402EC4,000000FF,00000000), ref: 0040308B
                                    • WriteFile.KERNELBASE(0040B040,0040B729,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403145
                                    • SetFilePointer.KERNELBASE(00653B35,00000000,00000000,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000,00000000,?,?), ref: 00403197
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$Pointer$CountTickWrite
                                    • String ID: "qR$5;e$@0A
                                    • API String ID: 2146148272-3372686330
                                    • Opcode ID: 2d56d82600b3f5df3c78828dba8606990429b5df5c6eae6ec82e8be78dfd61ee
                                    • Instruction ID: c862c83604f3b109b9ae356e59bf9e99270c6d64ee518f880403d0392c1b0dc8
                                    • Opcode Fuzzy Hash: 2d56d82600b3f5df3c78828dba8606990429b5df5c6eae6ec82e8be78dfd61ee
                                    • Instruction Fuzzy Hash: 4B41ABB25042029FD710CF29EE4096A7FBDF748356705423BE501BA2E1CB3C6E099B9E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040267C, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    C-Code - Quality: 93%
                                    			E0040267C(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				void* _t33;
				void* _t37;
				long _t41;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *(_t58 - 8) = 0xfffffd66;
				_t52 = E004029F6(0xfffffff0);
				 *(_t58 - 0x44) = _t24;
				if(E004056C6(_t52) == 0) {
					E004029F6(0xffffffed);
				}
				E0040581E(_t52);
				_t27 = E0040583D(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x423eb4; // 0xea00
					 *(_t58 - 0x2c) = _t32;
					_t33 = GlobalAlloc(0x40, _t32); // executed
					_t51 = _t33;
					if(_t51 != _t47) {
						E004031F1(_t47);
						E004031BF(_t51,  *(_t58 - 0x2c)); // executed
						_t37 = GlobalAlloc(0x40,  *(_t58 - 0x1c)); // executed
						_t56 = _t37;
						 *(_t58 - 0x30) = _t56;
						if(_t56 != _t47) {
							E00402F18(_t49,  *((intOrPtr*)(_t58 - 0x20)), _t47, _t56,  *(_t58 - 0x1c)); // executed
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x38) =  *_t56;
								E004057FE( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x38);
							}
							GlobalFree( *(_t58 - 0x30));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x2c), _t58 - 8, _t47); // executed
						GlobalFree(_t51); // executed
						_t41 = E00402F18(_t49, 0xffffffff,  *(_t58 + 8), _t47, _t47); // executed
						 *(_t58 - 8) = _t41;
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *(_t58 - 8) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x44));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}














                                    0x0040267c
                                    0x0040267e
                                    0x0040268a
                                    0x0040268d
                                    0x00402697
                                    0x0040269b
                                    0x0040269b
                                    0x004026a1
                                    0x004026ae
                                    0x004026b6
                                    0x004026b9
                                    0x004026bf
                                    0x004026cd
                                    0x004026d0
                                    0x004026d2
                                    0x004026d6
                                    0x004026d9
                                    0x004026e2
                                    0x004026ec
                                    0x004026ee
                                    0x004026f2
                                    0x004026f5
                                    0x004026ff
                                    0x0040271e
                                    0x00402706
                                    0x0040270b
                                    0x00402713
                                    0x00402716
                                    0x0040271b
                                    0x0040271b
                                    0x00402725
                                    0x00402725
                                    0x00402737
                                    0x0040273e
                                    0x0040274b
                                    0x00402750
                                    0x00402750
                                    0x00402756
                                    0x00402756
                                    0x00402761
                                    0x00402762
                                    0x00402766
                                    0x0040276a
                                    0x00402770
                                    0x00402770
                                    0x00402777
                                    0x00402164
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • GlobalAlloc.KERNELBASE(00000040,0000EA00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                    • GlobalAlloc.KERNELBASE(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                    • GlobalFree.KERNEL32 ref: 00402725
                                    • WriteFile.KERNELBASE(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                    • GlobalFree.KERNEL32 ref: 0040273E
                                    • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                    • String ID:
                                    • API String ID: 3294113728-0
                                    • Opcode ID: a3b63d379b6164846a5749b4daa30d91fd7fc09e5761b43eced119004dd52135
                                    • Instruction ID: 719c612f4f238206e278f6e296a81204df483451b361404a9b6a09c3536a307a
                                    • Opcode Fuzzy Hash: a3b63d379b6164846a5749b4daa30d91fd7fc09e5761b43eced119004dd52135
                                    • Instruction Fuzzy Hash: F831AD71C00128BBDF216FA4CD89DAE7E79EF08364F10423AF920772E0C6795D419BA8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401F51, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73libraryloaderCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 753 401f51-401f5d 754 401f63-401f79 call 4029f6 * 2 753->754 755 402019-40201b 753->755 765 401f88-401f96 LoadLibraryExA 754->765 766 401f7b-401f86 GetModuleHandleA 754->766 757 402164-402169 call 401423 755->757 763 40288b-40289a 757->763 768 401f98-401fa6 GetProcAddress 765->768 769 402012-402014 765->769 766->765 766->768 770 401fe5-401fea call 404f04 768->770 771 401fa8-401fae 768->771 769->757 775 401fef-401ff2 770->775 773 401fb0-401fbc call 401423 771->773 774 401fc7-401fe3 KiUserCallbackDispatcher 771->774 773->775 782 401fbe-401fc5 773->782 774->775 775->763 777 401ff8-402000 call 40364f 775->777 777->763 783 402006-40200d FreeLibrary 777->783 782->775 783->763
                                    C-Code - Quality: 60%
                                    			E00401F51(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x423f58");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x423f28 =  *0x423f28 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E004029F6(0xfffffff0);
				 *(_t34 + 8) = E004029F6(1);
				if( *((intOrPtr*)(_t34 - 0x14)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404F04(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x1c)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 0x34)), 0x400, 0x424000, 0x40af70, " ?B"); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x1c)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x18)) == _t27 && E0040364F(_t30) != 0) {
						FreeLibrary(_t30); // executed
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                    0x00401f51
                                    0x00401f51
                                    0x00401f56
                                    0x00401f5d
                                    0x00402019
                                    0x00402164
                                    0x00402164
                                    0x0040288b
                                    0x0040288e
                                    0x0040289a
                                    0x0040289a
                                    0x00401f6c
                                    0x00401f76
                                    0x00401f79
                                    0x00401f88
                                    0x00401f8c
                                    0x00401f92
                                    0x00401f96
                                    0x00402012
                                    0x00000000
                                    0x00402012
                                    0x00401f98
                                    0x00401fa2
                                    0x00401fa6
                                    0x00401fea
                                    0x00401fa8
                                    0x00401fab
                                    0x00401fae
                                    0x00401fde
                                    0x00401fb0
                                    0x00401fb3
                                    0x00401fbc
                                    0x00401fbe
                                    0x00401fbe
                                    0x00401fbc
                                    0x00401fae
                                    0x00401ff2
                                    0x00402007
                                    0x00402007
                                    0x00000000
                                    0x00401ff2
                                    0x00401f7c
                                    0x00401f82
                                    0x00401f86
                                    0x00000000
                                    0x00000000
                                    0x00000000

                                    APIs
                                    • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401F7C
                                    • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                    • KiUserCallbackDispatcher.NTDLL(?,00000400,00424000,0040AF70, ?B,?,00000008,00000001,000000F0), ref: 00401FDE
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00402C4A,00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000), ref: 00404F60
                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\), ref: 00404F72
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                    • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Librarylstrlen$AddressCallbackDispatcherFreeHandleLoadModuleProcTextUserWindowlstrcat
                                    • String ID: ?B
                                    • API String ID: 4236411475-117478770
                                    • Opcode ID: a57e8c0769ea844e22e0c1e1f0cba5f5542df926a794c83fcda134ba5213478a
                                    • Instruction ID: 83c29b7dad20212888764ed045f323035a642c1bbb84e8da84d377f5f563bf0e
                                    • Opcode Fuzzy Hash: a57e8c0769ea844e22e0c1e1f0cba5f5542df926a794c83fcda134ba5213478a
                                    • Instruction Fuzzy Hash: D621EE72D04216EBCF207FA4DE49A6E75B06B44399F204237F511B52E0D77C4D41965E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402303, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 784 402303-402349 call 402aeb call 4029f6 * 2 RegCreateKeyExA 791 40288b-40289a 784->791 792 40234f-402357 784->792 794 402367-40236a 792->794 795 402359-402366 call 4029f6 lstrlenA 792->795 798 40237a-40237d 794->798 799 40236c-402379 call 4029d9 794->799 795->794 802 40238e-4023a2 RegSetValueExA 798->802 803 40237f-402389 call 402f18 798->803 799->798 806 4023a4 802->806 807 4023a7-402483 RegCloseKey 802->807 803->802 806->807 807->791
                                    C-Code - Quality: 90%
                                    			E00402303(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				long _t22;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402AEB(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x14));
				 *(_t37 - 0x30) =  *(_t37 - 0x10);
				 *(_t37 - 0x44) = E004029F6(2);
				_t18 = E004029F6(0x11);
				_t30 =  *0x423f50; // 0x0
				_t31 = _t30 | 0x00000002;
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27); // executed
				if(_t19 == 0) {
					if(_t35 == 1) {
						E004029F6(0x23);
						_t19 = lstrlenA(0x40a370) + 1;
					}
					if(_t35 == 4) {
						_t24 = E004029D9(3);
						 *0x40a370 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402F18(_t31,  *((intOrPtr*)(_t37 - 0x18)), _t27, 0x40a370, 0xc00);
					}
					_t22 = RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x44), _t27,  *(_t37 - 0x30), 0x40a370, _t19); // executed
					if(_t22 == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x423f28 =  *0x423f28 +  *(_t37 - 4);
				return 0;
			}












                                    0x00402304
                                    0x00402309
                                    0x00402313
                                    0x0040231d
                                    0x00402320
                                    0x0040232a
                                    0x00402330
                                    0x0040233a
                                    0x00402341
                                    0x00402349
                                    0x00402357
                                    0x0040235b
                                    0x00402366
                                    0x00402366
                                    0x0040236a
                                    0x0040236e
                                    0x00402374
                                    0x00402379
                                    0x00402379
                                    0x0040237d
                                    0x00402389
                                    0x00402389
                                    0x0040239a
                                    0x004023a2
                                    0x004023a4
                                    0x004023a4
                                    0x004023a7
                                    0x0040247d
                                    0x0040247d
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402341
                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402361
                                    • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040239A
                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CloseCreateValuelstrlen
                                    • String ID: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp
                                    • API String ID: 1356686001-2125483276
                                    • Opcode ID: a542455d9f9526f25a51f1532c83397ec4fb85749294bc37414485deefa1f1b8
                                    • Instruction ID: d7b132d9018d44432a73f3315d2b91b6aa1600c7a927e9fa70905f900517fa5a
                                    • Opcode Fuzzy Hash: a542455d9f9526f25a51f1532c83397ec4fb85749294bc37414485deefa1f1b8
                                    • Instruction Fuzzy Hash: BA1160B1E00209BFEB10AFA0DE49EAF767CFB54398F10413AF905B61D0D7B85D019669
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004015B3, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 85%
                                    			E004015B3(struct _SECURITY_ATTRIBUTES* __ebx) {
				struct _SECURITY_ATTRIBUTES** _t10;
				int _t19;
				struct _SECURITY_ATTRIBUTES* _t20;
				signed char _t22;
				struct _SECURITY_ATTRIBUTES* _t23;
				CHAR* _t25;
				struct _SECURITY_ATTRIBUTES** _t29;
				void* _t30;

				_t23 = __ebx;
				_t25 = E004029F6(0xfffffff0);
				_t10 = E004056ED(_t25);
				_t27 = _t10;
				if(_t10 != __ebx) {
					do {
						_t29 = E00405684(_t27, 0x5c);
						 *_t29 = _t23;
						 *((char*)(_t30 + 0xb)) =  *_t29;
						_t19 = CreateDirectoryA(_t25, _t23); // executed
						if(_t19 == 0) {
							if(GetLastError() != 0xb7) {
								L4:
								 *((intOrPtr*)(_t30 - 4)) =  *((intOrPtr*)(_t30 - 4)) + 1;
							} else {
								_t22 = GetFileAttributesA(_t25); // executed
								if((_t22 & 0x00000010) == 0) {
									goto L4;
								}
							}
						}
						_t20 =  *((intOrPtr*)(_t30 + 0xb));
						 *_t29 = _t20;
						_t27 =  &(_t29[0]);
					} while (_t20 != _t23);
				}
				if( *((intOrPtr*)(_t30 - 0x20)) == _t23) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405B66("C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver", _t25);
					SetCurrentDirectoryA(_t25); // executed
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}











                                    0x004015b3
                                    0x004015ba
                                    0x004015bd
                                    0x004015c2
                                    0x004015c6
                                    0x004015c8
                                    0x004015d0
                                    0x004015d6
                                    0x004015d8
                                    0x004015db
                                    0x004015e3
                                    0x004015f0
                                    0x004015fd
                                    0x004015fd
                                    0x004015f2
                                    0x004015f3
                                    0x004015fb
                                    0x00000000
                                    0x00000000
                                    0x004015fb
                                    0x004015f0
                                    0x00401600
                                    0x00401603
                                    0x00401605
                                    0x00401606
                                    0x004015c8
                                    0x0040160d
                                    0x0040162d
                                    0x00402164
                                    0x0040160f
                                    0x00401611
                                    0x0040161c
                                    0x00401622
                                    0x00401622
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                      • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,C:\,00000000,00405751,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 004056FB
                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                    • CreateDirectoryA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                    • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                    • GetFileAttributesA.KERNELBASE(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                    • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files (x86)\Code Laboratories\CL-Eye Driver,00000000,00000000,000000F0), ref: 00401622
                                    Strings
                                    • C:\Program Files (x86)\Code Laboratories\CL-Eye Driver, xrefs: 00401617
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                    • String ID: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver
                                    • API String ID: 3751793516-1878831446
                                    • Opcode ID: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                    • Instruction ID: c38907cd9fbddcdb820990ab727de55d75fa8bca08f123d111df4852c942a759
                                    • Opcode Fuzzy Hash: 79158bb1b9e0f9446a8291b1140989ad94052719e68ebd3d846b01836d69eb3e
                                    • Instruction Fuzzy Hash: 7E010431D08141AFDB216F751D4497F27B0AA56369728073FF891B22E2C63C0942962E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040586C, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040586C(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                    0x00405870
                                    0x00405876
                                    0x00405877
                                    0x00405877
                                    0x00405878
                                    0x0040587f
                                    0x00405889
                                    0x00405896
                                    0x00405899
                                    0x004058a1
                                    0x00000000
                                    0x00000000
                                    0x004058a5
                                    0x00000000
                                    0x00000000
                                    0x004058a7
                                    0x00000000
                                    0x004058a7
                                    0x00000000

                                    APIs
                                    • GetTickCount.KERNEL32 ref: 0040587F
                                    • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 00405899
                                    Strings
                                    • nsa, xrefs: 00405878
                                    • "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install, xrefs: 00405873
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 0040586C, 0040586F
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CountFileNameTempTick
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install$C:\Users\user\AppData\Local\Temp\$nsa
                                    • API String ID: 1716503409-2308537698
                                    • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                    • Instruction ID: 7bdb262dbebad2fb51735791196b4a750b565e3ebaa120aaaad2cbe3184e43fd
                                    • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                    • Instruction Fuzzy Hash: B1F0A73734820876E7105E55DC04B9B7F9DDF91760F14C027FE44DA1C0D6B49954C7A5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402A36, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 84%
                                    			E00402A36(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x423f50; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8); // executed
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A36(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405E88(2);
					if(_t27 == 0) {
						__eflags =  *0x423f50; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x423f50, 0);
				}
				return _t18;
			}










                                    0x00402a46
                                    0x00402a57
                                    0x00402a5f
                                    0x00402a87
                                    0x00402a6e
                                    0x00402a71
                                    0x00402ac1
                                    0x00402ac7
                                    0x00402ac9
                                    0x00000000
                                    0x00402ac9
                                    0x00402a7e
                                    0x00402a83
                                    0x00402a85
                                    0x00000000
                                    0x00000000
                                    0x00402a85
                                    0x00402a9c
                                    0x00402aa4
                                    0x00402aab
                                    0x00402ad1
                                    0x00402ad7
                                    0x00000000
                                    0x00000000
                                    0x00402adf
                                    0x00402ae5
                                    0x00402ae7
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402ae7
                                    0x00000000
                                    0x00402aba
                                    0x00402ace

                                    APIs
                                    • RegOpenKeyExA.KERNELBASE(?,?,00000000,00000000,?), ref: 00402A57
                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                    • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                    • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Close$DeleteEnumOpen
                                    • String ID:
                                    • API String ID: 1912718029-0
                                    • Opcode ID: 72afb8cb533f2fe791e78f417861fb03d0db66ec5a0e4b139ed5fdb4cbcd1b28
                                    • Instruction ID: 3ec7b1818cbfc33efeafaf7017db19c7c479205e5d6f4ff66fb244667a93d6f3
                                    • Opcode Fuzzy Hash: 72afb8cb533f2fe791e78f417861fb03d0db66ec5a0e4b139ed5fdb4cbcd1b28
                                    • Instruction Fuzzy Hash: 93112971A00009FFDF319F90DE49EAF7B7DEB44385B104436F905A10A0DBB59E51AE69
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401CC1, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00401CC1(int __edx) {
				long _t16;
				void* _t17;
				int _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 0x34), __edx);
				GetClientRect(_t25, _t27 - 0x40);
				_t16 = LoadImageA(_t21, E004029F6(_t21), _t21,  *(_t27 - 0x38) *  *(_t27 - 0x1c),  *(_t27 - 0x34) *  *(_t27 - 0x1c), 0x10); // executed
				_t17 = SendMessageA(_t25, 0x172, _t21, _t16); // executed
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}








                                    0x00401ccb
                                    0x00401cd2
                                    0x00401cf3
                                    0x00401d01
                                    0x00401d09
                                    0x00401d10
                                    0x00401d10
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • GetDlgItem.USER32 ref: 00401CC5
                                    • GetClientRect.USER32 ref: 00401CD2
                                    • LoadImageA.USER32 ref: 00401CF3
                                    • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                    • DeleteObject.GDI32(00000000), ref: 00401D10
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                    • String ID:
                                    • API String ID: 1849352358-0
                                    • Opcode ID: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                    • Instruction ID: de7316f9b9f1bcc3f0c1dff9ae5dc63c91f1472c52c052d8cf8a0da7f27950be
                                    • Opcode Fuzzy Hash: 70cca8153c69b2e132429069c22b9ddf05dbb7ba62a9a7cfa9b79a9bcebcea9b
                                    • Instruction Fuzzy Hash: D5F01DB2E04105BFD700EFA4EE89DAFB7BDEB44345B104576F602F2190C6789D018B69
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402020, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134comCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 74%
                                    			E00402020() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				short* _t99;
				void* _t100;

				 *(_t100 - 0x30) = E004029F6(0xfffffff0);
				_t96 = E004029F6(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x2c)) = E004029F6(2);
				 *((intOrPtr*)(_t100 - 8)) = E004029F6(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x44)) = E004029F6(0x45);
				if(E004056C6(_t96) == 0) {
					E004029F6(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407384, _t75, 1, 0x407374, _t44); // executed
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407394, _t100 - 0x34);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver");
						_t81 =  *(_t100 - 0x14);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x14);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 8)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 8)),  *(_t100 - 0x14) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x2c)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x44)));
						if(_t95 >= _t75) {
							_t99 = L"C:\\Users\\Public\\Desktop\\CL-Eye Test.lnk";
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, _t99, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 0x34));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, _t99, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 0x34));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}






















                                    0x00402029
                                    0x00402033
                                    0x0040203c
                                    0x00402046
                                    0x0040204f
                                    0x00402059
                                    0x0040205d
                                    0x0040205d
                                    0x00402062
                                    0x00402073
                                    0x0040207b
                                    0x0040215b
                                    0x0040215b
                                    0x00402162
                                    0x00402081
                                    0x00402081
                                    0x00402092
                                    0x00402096
                                    0x0040209c
                                    0x004020a6
                                    0x004020a8
                                    0x004020b3
                                    0x004020b6
                                    0x004020c3
                                    0x004020c5
                                    0x004020c7
                                    0x004020ce
                                    0x004020d1
                                    0x004020d1
                                    0x004020d4
                                    0x004020de
                                    0x004020e6
                                    0x004020eb
                                    0x004020f7
                                    0x004020f7
                                    0x004020fa
                                    0x00402103
                                    0x00402106
                                    0x0040210f
                                    0x00402114
                                    0x00402116
                                    0x00402126
                                    0x00402135
                                    0x00402137
                                    0x00402143
                                    0x00402143
                                    0x00402135
                                    0x00402145
                                    0x0040214b
                                    0x0040214b
                                    0x0040214e
                                    0x00402154
                                    0x00402159
                                    0x0040216e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00402159
                                    0x00402164
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,C:\Users\Public\Desktop\CL-Eye Test.lnk,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ByteCharCreateInstanceMultiWide
                                    • String ID: C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$C:\Users\Public\Desktop\CL-Eye Test.lnk
                                    • API String ID: 123533781-1765080787
                                    • Opcode ID: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                    • Instruction ID: 0b92ce9401c32f92a97655b67b17bc3e2e7042a2ba93bb40bff56c30807ccd12
                                    • Opcode Fuzzy Hash: 20f8b56c3263d051d76756f701b26ac218ff209cd135641c8178b13e20f06e8d
                                    • Instruction Fuzzy Hash: 94418E75A00205BFCB40DFA4CD88E9E7BBABF48354B204269FA15FB2D1CA799D41CB54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401BAD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 51%
                                    			E00401BAD() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 0x34) = E004029D9(3);
				 *(_t55 + 8) = E004029D9(4);
				if(( *(_t55 - 0x10) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x34)) = E004029F6(0x33);
				}
				__eflags =  *(_t55 - 0x10) & 0x00000002;
				if(( *(_t55 - 0x10) & 0x00000002) != 0) {
					 *(_t55 + 8) = E004029F6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E004029F6();
					_t28 = E004029F6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 0x34),  *(_t55 + 8), _t31,  ~( *_t28) & _t28); // executed
					goto L10;
				} else {
					_t52 = E004029D9();
					_t37 = E004029D9();
					_t48 =  *(_t55 - 0x10) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8)); // executed
						L10:
						 *(_t55 - 8) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 0x34),  *(_t55 + 8), _t42, _t48, _t55 - 8);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x24)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x24)) >= _t42) {
					_push( *(_t55 - 8));
					E00405AC4();
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                    0x00401bb6
                                    0x00401bc2
                                    0x00401bc5
                                    0x00401bce
                                    0x00401bce
                                    0x00401bd1
                                    0x00401bd5
                                    0x00401bde
                                    0x00401bde
                                    0x00401be1
                                    0x00401be5
                                    0x00401be7
                                    0x00401c34
                                    0x00401c36
                                    0x00401c3f
                                    0x00401c47
                                    0x00401c4a
                                    0x00401c4a
                                    0x00401c53
                                    0x00000000
                                    0x00401be9
                                    0x00401bf0
                                    0x00401bf2
                                    0x00401bfa
                                    0x00401bfd
                                    0x00401c25
                                    0x00401c59
                                    0x00401c59
                                    0x00401bff
                                    0x00401c0d
                                    0x00401c15
                                    0x00401c18
                                    0x00401c18
                                    0x00401bfd
                                    0x00401c5c
                                    0x00401c5f
                                    0x00401c65
                                    0x00402833
                                    0x00402833
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Timeout
                                    • String ID: !
                                    • API String ID: 1777923405-2657877971
                                    • Opcode ID: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                    • Instruction ID: 67abd366a37910a3fb0c7fe19d632a25016d3899897cc5a5bd850e91adcb6683
                                    • Opcode Fuzzy Hash: 4c88f05d798f5705ce1e1e18451d2fcf653d7f56610e9d44bad61831beeb824c
                                    • Instruction Fuzzy Hash: B721C4B1A44209BFEF01AFB4CE4AAAE7B75EF44344F14053EF602B60D1D6B84980E718
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040573A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 53%
                                    			E0040573A(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				void* _t22;

				E00405B66(0x4218a8, _a4);
				_t21 = E004056ED(0x4218a8);
				if(_t21 != 0) {
					E00405DC8(_t21);
					if(( *0x423eb8 & 0x00000080) == 0) {
						L5:
						_t22 = _t21 - 0x4218a8;
						while(1) {
							_t11 = lstrlenA(0x4218a8);
							_push(0x4218a8);
							if(_t11 <= _t22) {
								break;
							}
							_t12 = E00405E61();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E004056A0(0x4218a8);
								continue;
							} else {
								goto L1;
							}
						}
						E00405659();
						_t16 = GetFileAttributesA(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                    0x00405746
                                    0x00405751
                                    0x00405755
                                    0x0040575c
                                    0x00405768
                                    0x00405774
                                    0x00405774
                                    0x0040578c
                                    0x0040578d
                                    0x00405794
                                    0x00405795
                                    0x00000000
                                    0x00000000
                                    0x00405778
                                    0x0040577f
                                    0x00405787
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040577f
                                    0x00405797
                                    0x0040579d
                                    0x00000000
                                    0x004057ab
                                    0x0040576a
                                    0x0040576e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040576e
                                    0x00405757
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00405B66: lstrcpynA.KERNEL32(?,?,00000400,004032AA,CL-Eye Driver Setup,NSIS Error), ref: 00405B73
                                      • Part of subcall function 004056ED: CharNextA.USER32(0040549F,?,C:\,00000000,00405751,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 004056FB
                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 00405700
                                      • Part of subcall function 004056ED: CharNextA.USER32(00000000), ref: 0040570F
                                    • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 0040578D
                                    • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 0040579D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                    • String ID: C:\
                                    • API String ID: 3248276644-3404278061
                                    • Opcode ID: 716f681fdc2f335f171507b78212e4fdddf35da2e6b413ee0daba6d976a18fc7
                                    • Instruction ID: 7155b9e5202267c574e320c9449d9087b3e4f671a0d42f3ce7b213b6d11f415d
                                    • Opcode Fuzzy Hash: 716f681fdc2f335f171507b78212e4fdddf35da2e6b413ee0daba6d976a18fc7
                                    • Instruction Fuzzy Hash: A1F0F425104D509AC72636395C09EAF1A55CE833A4F48053FF894B32D1CB3C8943EDAE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404FD6, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32comCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 44%
                                    			E00404FD6(signed int __eax) {
				intOrPtr _v0;
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t12;

				_t11 =  *0x423ec8; // 0x67723c
				_t10 =  *0x423ecc; // 0x3
				__imp__OleInitialize(0);
				 *0x423f58 =  *0x423f58 | __eax;
				E00403F64(0);
				if(_t10 != 0) {
					_t12 = _t11 + 0xc;
					do {
						_t10 = _t10 - 1;
						if(( *(_t12 - 4) & 0x00000001) == 0) {
							goto L4;
						} else {
							_push(_v0);
							if(E00401389( *_t12) != 0) {
								 *0x423f2c =  *0x423f2c + 1;
							} else {
								goto L4;
							}
						}
						goto L7;
						L4:
						_t12 = _t12 + 0x418;
					} while (_t10 != 0);
				}
				L7:
				E00403F64(0x404); // executed
				__imp__OleUninitialize();
				_t8 =  *0x423f2c; // 0x0
				return _t8;
			}








                                    0x00404fd7
                                    0x00404fde
                                    0x00404fe6
                                    0x00404fec
                                    0x00404ff4
                                    0x00404ffb
                                    0x00404ffd
                                    0x00405000
                                    0x00405000
                                    0x00405005
                                    0x00000000
                                    0x00405007
                                    0x00405007
                                    0x00405014
                                    0x00405022
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405014
                                    0x00000000
                                    0x00405016
                                    0x00405016
                                    0x0040501c
                                    0x00405020
                                    0x00405028
                                    0x0040502d
                                    0x00405032
                                    0x00405038
                                    0x0040503f

                                    APIs
                                    • OleInitialize.OLE32(00000000), ref: 00404FE6
                                      • Part of subcall function 00403F64: SendMessageA.USER32(000B040E,00000000,00000000,00000000), ref: 00403F76
                                    • OleUninitialize.OLE32(00000404,00000000), ref: 00405032
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: InitializeMessageSendUninitialize
                                    • String ID: <rg
                                    • API String ID: 2896919175-485436009
                                    • Opcode ID: 556d00a79d4960ff1ce6e89c465a7e0d9a54ac6e1d471b85b6eeaa2226694139
                                    • Instruction ID: 3b1d1a5f3629fb090bd5a0ea86c798931cabf3c291590e76d9817694e46b8829
                                    • Opcode Fuzzy Hash: 556d00a79d4960ff1ce6e89c465a7e0d9a54ac6e1d471b85b6eeaa2226694139
                                    • Instruction Fuzzy Hash: BEF02477E00201AAD3206F68AD00B1B7774EF88302F06443AFE04722E1C77D89428B9D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403208, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 84%
                                    			E00403208(void* __eflags) {
				void* _t2;
				void* _t5;
				CHAR* _t6;

				_t6 = "C:\\Users\\jones\\AppData\\Local\\Temp\\";
				E00405DC8(_t6);
				_t2 = E004056C6(_t6);
				if(_t2 != 0) {
					E00405659(_t6);
					CreateDirectoryA(_t6, 0); // executed
					_t5 = E0040586C("1033", _t6); // executed
					return _t5;
				} else {
					return _t2;
				}
			}






                                    0x00403209
                                    0x0040320f
                                    0x00403215
                                    0x0040321c
                                    0x00403221
                                    0x00403229
                                    0x00403235
                                    0x0040323b
                                    0x0040321f
                                    0x0040321f
                                    0x0040321f

                                    APIs
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                      • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                    • CreateDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00403229
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Char$Next$CreateDirectoryPrev
                                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                    • API String ID: 4115351271-517883005
                                    • Opcode ID: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                    • Instruction ID: 28437e5e833f6c5712a3d87292ca06883de7807d6adf700678bf42288e0e849f
                                    • Opcode Fuzzy Hash: abd89e45c2a658b1316b3d4f01b0b3756ccb9227471bfd75c63f163c6189ffd7
                                    • Instruction Fuzzy Hash: 11D0C922656E3032C651363A3C0AFDF091C8F5271AF55847BF908B40D64B6C5A5259EF
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040361A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E0040361A() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x41f45c; // 0x0
				_t3 = E004035FF(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8)); // executed
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x41f45c =  *0x41f45c & 0x00000000;
				return _t3;
			}







                                    0x0040361b
                                    0x00403623
                                    0x0040362a
                                    0x0040362d
                                    0x0040362d
                                    0x0040362f
                                    0x00403634
                                    0x0040363b
                                    0x00403641
                                    0x00403645
                                    0x00403646
                                    0x0040364e

                                    APIs
                                    • FreeLibrary.KERNELBASE(?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,00000000,73BCF560,004035F1,00000000,0040342D,00000000), ref: 00403634
                                    • GlobalFree.KERNEL32 ref: 0040363B
                                    Strings
                                    • "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install, xrefs: 0040362C
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Free$GlobalLibrary
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install
                                    • API String ID: 1100898210-1890958195
                                    • Opcode ID: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                    • Instruction ID: 07f203a12dc211ea1540440f4769086933c1ddaa55d0411da1bb29b7fd771b51
                                    • Opcode Fuzzy Hash: 594683390acbace1feb38ee5af495b240e475f157c4d409b541952378f73dbd9
                                    • Instruction Fuzzy Hash: 8FE08C32804420ABC6216F55EC0579A7768AB48B22F028536E900BB3A083743C464BDC
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406566, Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 99%
                                    			E00406566() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M004069D4))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                    0x00406566
                                    0x00406566
                                    0x00406566
                                    0x00406566
                                    0x0040656c
                                    0x00406570
                                    0x00406574
                                    0x0040657e
                                    0x0040658c
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x00000000
                                    0x00000000
                                    0x0040689f
                                    0x004068a8
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068f6
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x0040689d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004068f8
                                    0x004068f8
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x004069ad
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x0040687b
                                    0x00406881
                                    0x00406888
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00000000
                                    0x00406893
                                    0x004068fd
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcb
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd5
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406030
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607a
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a4
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060ea
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067f8
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x00000000
                                    0x004061be
                                    0x00406138
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040676d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x0040686f
                                    0x0040682a
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x0040681f
                                    0x00000000
                                    0x0040654f
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x0040686f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406594
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x0040662d
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x00406899
                                    0x00406862

                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                    • Instruction ID: 319d18918fa2cc3741333e20ed782d5c303dd2f769888eebbc994f2124d7c2e6
                                    • Opcode Fuzzy Hash: b47bfdafb4299acf6df14b1a265fb959f908a42d38d0bc6d60d6342fbb02c28f
                                    • Instruction Fuzzy Hash: 29A15171E00229CBDF28CFA8C8547ADBBB1FF44305F15812AD856BB281D7789A96DF44
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00406767, Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00406767() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                    0x00000000
                                    0x00406767
                                    0x00406767
                                    0x0040676b
                                    0x00406790
                                    0x0040679a
                                    0x00000000
                                    0x0040676d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x0040677a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x0040685b
                                    0x0040685b
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x00000000
                                    0x004061be
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x00000000
                                    0x00406854
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00000000
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x004069b7
                                    0x004069bd
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x004068f6
                                    0x00000000
                                    0x0040676b

                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                    • Instruction ID: 868f2ec1f3ea74d7de1394d818727f69d5aca31e92bf34b5737afca42cfaef71
                                    • Opcode Fuzzy Hash: d0b545a720d06a2780d8eb9310de1c164ea8e259f40aa19cdef3f662a7789f4d
                                    • Instruction Fuzzy Hash: 6E913171D00229CBEF28CF98C8547ADBBB1FF44305F15812AD856BB281C7789A9ADF44
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040647D, Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E0040647D() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M004069D4))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                    0x00000000
                                    0x0040647d
                                    0x0040647d
                                    0x00406481
                                    0x00406538
                                    0x0040653b
                                    0x00406547
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x004067ee
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00000000
                                    0x00406810
                                    0x00406487
                                    0x0040648b
                                    0x004069cc
                                    0x004069cc
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x00406491
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x00000000
                                    0x004069c8
                                    0x004064ab
                                    0x004064ae
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x004064df
                                    0x004064df
                                    0x004064df
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x00000000
                                    0x004061be
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x00000000
                                    0x0040679a
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00000000
                                    0x0040690d
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x00000000
                                    0x00406762
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4

                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                    • Instruction ID: e06b97397237a54a8f7c6fae7a0c48c933f493286525731b7b3672fa0d973436
                                    • Opcode Fuzzy Hash: 3ca4e82cbd918d9bc6f131d9bc7fd5d61b9600368ad5a57dd77e762cc9babb20
                                    • Instruction Fuzzy Hash: 678155B1D00229CFDF24CFA8C8447ADBBB1FB44305F25816AD456BB281D7789A96CF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405F82, Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00405F82(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M004069D4))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                    0x00405f92
                                    0x00405f99
                                    0x00405f9f
                                    0x00405fa5
                                    0x00000000
                                    0x00405fa9
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcb
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe0
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602b
                                    0x0040602e
                                    0x00406056
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406030
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x00406048
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x0040609f
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a4
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c1
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406107
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067af
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067e5
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x00000000
                                    0x004069a1
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x0040680d
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x00000000
                                    0x004061be
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x004061a1
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x00406509
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x004069b7
                                    0x004069bd
                                    0x004069bf
                                    0x004069c6
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000

                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                    • Instruction ID: 3ccfc7c80e99de65fa6db0e0edc8679980b1d0ea62cd2807200041591328ae3c
                                    • Opcode Fuzzy Hash: c94337aa44be19872a05e7fe324c1f72408cb83bc4afcb37e89916e28dd5cdb7
                                    • Instruction Fuzzy Hash: D98187B1D00229CBDF24CFA8C8447AEBBB1FB44305F11816AD856BB2C1C7785A96CF44
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004063D0, Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E004063D0() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                    0x00000000
                                    0x004063d0
                                    0x004063d0
                                    0x004063d4
                                    0x004063f5
                                    0x004063fc
                                    0x00406402
                                    0x00406408
                                    0x0040641a
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x004063d6
                                    0x004063dc
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x0040681f
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x004067a0
                                    0x0040679d
                                    0x00000000
                                    0x004063d4

                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                    • Instruction ID: 235c9a1f152390887c8e3346b3cf8cf745e7d176c25095dba4735a56a8f4339d
                                    • Opcode Fuzzy Hash: 040a7e0d789931a885e98904e34fb369bef72c7c312577bd0d6f252efd828c84
                                    • Instruction Fuzzy Hash: 80714371D00229CBDF28CFA8C8447ADBBF1FB48305F15806AD846BB281D7395A96DF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004064EE, Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E004064EE() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                    0x00000000
                                    0x004064ee
                                    0x004064ee
                                    0x004064f2
                                    0x004064ff
                                    0x00406509
                                    0x00000000
                                    0x004064f4
                                    0x004064f4
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x0040643a
                                    0x0040643e
                                    0x00406461
                                    0x00406464
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406440
                                    0x00406443
                                    0x00406446
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x00406459
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x0040681f
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x004067a0
                                    0x0040679d
                                    0x00000000
                                    0x004064f2

                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                    • Instruction ID: 067b91939e33353516387f96afd3df60e22fb0a2a23546be1218d687de4ca84d
                                    • Opcode Fuzzy Hash: 55b1e8378e3b2d282ecc9e99db2cbf184c75cfe722202a43e2005f386b139382
                                    • Instruction Fuzzy Hash: 14715371E00229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7799996DF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040643A, Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E0040643A() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M004069D4))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                    0x00000000
                                    0x0040643a
                                    0x0040643a
                                    0x0040643e
                                    0x00406467
                                    0x00406471
                                    0x00406440
                                    0x00406449
                                    0x00406456
                                    0x00406459
                                    0x0040679d
                                    0x0040679d
                                    0x004067a0
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x004067ee
                                    0x004067f2
                                    0x004069a1
                                    0x004069b7
                                    0x004069bf
                                    0x004069c6
                                    0x004069c8
                                    0x004069cf
                                    0x004069d3
                                    0x004069d3
                                    0x004067fe
                                    0x00406805
                                    0x0040680d
                                    0x00406810
                                    0x00406813
                                    0x00406813
                                    0x00406819
                                    0x00406819
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fb5
                                    0x00405fbe
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x00000000
                                    0x00405fcf
                                    0x00000000
                                    0x00000000
                                    0x00405fd8
                                    0x00405fdb
                                    0x00405fde
                                    0x00405fe2
                                    0x00000000
                                    0x00000000
                                    0x00405fe8
                                    0x00405feb
                                    0x00405fed
                                    0x00405fee
                                    0x00405ff1
                                    0x00405ff3
                                    0x00405ff4
                                    0x00405ff6
                                    0x00405ff9
                                    0x00405ffe
                                    0x00406003
                                    0x0040600c
                                    0x0040601f
                                    0x00406022
                                    0x0040602e
                                    0x00406056
                                    0x00406058
                                    0x00406066
                                    0x00406066
                                    0x0040606a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040605a
                                    0x0040605a
                                    0x0040605d
                                    0x0040605e
                                    0x0040605e
                                    0x00000000
                                    0x0040605a
                                    0x00406034
                                    0x00406039
                                    0x00406039
                                    0x00406042
                                    0x0040604a
                                    0x0040604d
                                    0x00000000
                                    0x00406053
                                    0x00406053
                                    0x00000000
                                    0x00406053
                                    0x00000000
                                    0x00406070
                                    0x00406070
                                    0x00406074
                                    0x00406920
                                    0x00000000
                                    0x00406920
                                    0x0040607d
                                    0x0040608d
                                    0x00406090
                                    0x00406093
                                    0x00406093
                                    0x00406093
                                    0x00406096
                                    0x0040609a
                                    0x00000000
                                    0x00000000
                                    0x0040609c
                                    0x004060a2
                                    0x004060cc
                                    0x004060d2
                                    0x004060d9
                                    0x00000000
                                    0x004060d9
                                    0x004060a8
                                    0x004060ab
                                    0x004060b0
                                    0x004060b0
                                    0x004060bb
                                    0x004060c3
                                    0x004060c6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040610b
                                    0x00406111
                                    0x00406114
                                    0x00406121
                                    0x00406129
                                    0x0040679d
                                    0x00000000
                                    0x00000000
                                    0x004060e0
                                    0x004060e0
                                    0x004060e4
                                    0x0040692f
                                    0x00000000
                                    0x0040692f
                                    0x004060f0
                                    0x004060fb
                                    0x004060fb
                                    0x004060fb
                                    0x004060fe
                                    0x00406101
                                    0x00406104
                                    0x00406109
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004067a0
                                    0x004067a0
                                    0x004067a6
                                    0x004067ac
                                    0x004067b2
                                    0x004067cc
                                    0x004067cf
                                    0x004067d5
                                    0x004067e0
                                    0x004067e2
                                    0x004067b4
                                    0x004067b4
                                    0x004067c3
                                    0x004067c7
                                    0x004067c7
                                    0x004067ec
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00406131
                                    0x00406133
                                    0x00406136
                                    0x004061a7
                                    0x004061aa
                                    0x004061ad
                                    0x004061b4
                                    0x004061be
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x00406138
                                    0x0040613c
                                    0x0040613f
                                    0x00406141
                                    0x00406144
                                    0x00406147
                                    0x00406149
                                    0x0040614c
                                    0x0040614e
                                    0x00406153
                                    0x00406156
                                    0x00406159
                                    0x0040615d
                                    0x00406164
                                    0x00406167
                                    0x0040616e
                                    0x00406172
                                    0x0040617a
                                    0x0040617a
                                    0x0040617a
                                    0x00406174
                                    0x00406174
                                    0x00406174
                                    0x00406169
                                    0x00406169
                                    0x00406169
                                    0x0040617e
                                    0x00406181
                                    0x0040619f
                                    0x004061a1
                                    0x00000000
                                    0x00406183
                                    0x00406183
                                    0x00406186
                                    0x00406189
                                    0x0040618c
                                    0x0040618e
                                    0x0040618e
                                    0x0040618e
                                    0x00406191
                                    0x00406194
                                    0x00406196
                                    0x00406197
                                    0x0040619a
                                    0x00000000
                                    0x0040619a
                                    0x00000000
                                    0x004063d0
                                    0x004063d4
                                    0x004063f2
                                    0x004063f5
                                    0x004063fc
                                    0x004063ff
                                    0x00406402
                                    0x00406405
                                    0x00406408
                                    0x0040640b
                                    0x0040640d
                                    0x00406414
                                    0x00406415
                                    0x00406417
                                    0x0040641a
                                    0x0040641d
                                    0x00406420
                                    0x00406420
                                    0x00406425
                                    0x00000000
                                    0x00406425
                                    0x004063d6
                                    0x004063d9
                                    0x004063dc
                                    0x004063e6
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040647d
                                    0x00406481
                                    0x00000000
                                    0x00000000
                                    0x00406487
                                    0x0040648b
                                    0x00000000
                                    0x00000000
                                    0x00406491
                                    0x00406493
                                    0x00406497
                                    0x00406497
                                    0x0040649a
                                    0x0040649e
                                    0x00000000
                                    0x00000000
                                    0x004064ee
                                    0x004064f2
                                    0x004064f9
                                    0x004064fc
                                    0x004064ff
                                    0x00406509
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x004064f4
                                    0x00000000
                                    0x00000000
                                    0x00406515
                                    0x00406519
                                    0x00406520
                                    0x00406523
                                    0x00406526
                                    0x0040651b
                                    0x0040651b
                                    0x0040651b
                                    0x00406529
                                    0x0040652c
                                    0x0040652f
                                    0x0040652f
                                    0x00406532
                                    0x00406535
                                    0x00406538
                                    0x00406538
                                    0x0040653b
                                    0x00406542
                                    0x00406547
                                    0x00000000
                                    0x00000000
                                    0x004065d5
                                    0x004065d5
                                    0x004065d9
                                    0x00406977
                                    0x00000000
                                    0x00406977
                                    0x004065df
                                    0x004065e2
                                    0x004065e5
                                    0x004065e9
                                    0x004065ec
                                    0x004065f2
                                    0x004065f4
                                    0x004065f4
                                    0x004065f4
                                    0x004065f7
                                    0x004065fa
                                    0x00000000
                                    0x00000000
                                    0x004061ca
                                    0x004061ca
                                    0x004061ce
                                    0x0040693b
                                    0x00000000
                                    0x0040693b
                                    0x004061d4
                                    0x004061d7
                                    0x004061da
                                    0x004061de
                                    0x004061e1
                                    0x004061e7
                                    0x004061e9
                                    0x004061e9
                                    0x004061e9
                                    0x004061ec
                                    0x004061ef
                                    0x004061ef
                                    0x004061f2
                                    0x004061f5
                                    0x00000000
                                    0x00000000
                                    0x004061fb
                                    0x00406201
                                    0x00000000
                                    0x00000000
                                    0x00406207
                                    0x00406207
                                    0x0040620b
                                    0x0040620e
                                    0x00406211
                                    0x00406214
                                    0x00406217
                                    0x00406218
                                    0x0040621b
                                    0x0040621d
                                    0x00406223
                                    0x00406226
                                    0x00406229
                                    0x0040622c
                                    0x0040622f
                                    0x00406232
                                    0x00406235
                                    0x00406251
                                    0x00406254
                                    0x00406257
                                    0x0040625a
                                    0x00406261
                                    0x00406265
                                    0x00406267
                                    0x0040626b
                                    0x00406237
                                    0x00406237
                                    0x0040623b
                                    0x00406243
                                    0x00406248
                                    0x0040624a
                                    0x0040624c
                                    0x0040624c
                                    0x0040626e
                                    0x00406275
                                    0x00406278
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x0040627e
                                    0x00000000
                                    0x00406283
                                    0x00406283
                                    0x00406287
                                    0x00406947
                                    0x00000000
                                    0x00406947
                                    0x0040628d
                                    0x00406290
                                    0x00406293
                                    0x00406297
                                    0x0040629a
                                    0x004062a0
                                    0x004062a2
                                    0x004062a2
                                    0x004062a2
                                    0x004062a5
                                    0x004062a8
                                    0x004062a8
                                    0x004062a8
                                    0x004062ae
                                    0x00000000
                                    0x00000000
                                    0x004062b0
                                    0x004062b3
                                    0x004062b6
                                    0x004062b9
                                    0x004062bc
                                    0x004062bf
                                    0x004062c2
                                    0x004062c5
                                    0x004062c8
                                    0x004062cb
                                    0x004062ce
                                    0x004062e6
                                    0x004062e9
                                    0x004062ec
                                    0x004062ef
                                    0x004062ef
                                    0x004062f2
                                    0x004062f6
                                    0x004062f8
                                    0x004062d0
                                    0x004062d0
                                    0x004062d8
                                    0x004062dd
                                    0x004062df
                                    0x004062e1
                                    0x004062e1
                                    0x004062fb
                                    0x00406302
                                    0x00406305
                                    0x00000000
                                    0x00406307
                                    0x00000000
                                    0x00406307
                                    0x00406305
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x0040630c
                                    0x00000000
                                    0x00000000
                                    0x00406347
                                    0x00406347
                                    0x0040634b
                                    0x00406953
                                    0x00000000
                                    0x00406953
                                    0x00406351
                                    0x00406354
                                    0x00406357
                                    0x0040635b
                                    0x0040635e
                                    0x00406364
                                    0x00406366
                                    0x00406366
                                    0x00406366
                                    0x00406369
                                    0x0040636c
                                    0x0040636c
                                    0x00406372
                                    0x00406310
                                    0x00406310
                                    0x00406313
                                    0x00000000
                                    0x00406313
                                    0x00406374
                                    0x00406374
                                    0x00406377
                                    0x0040637a
                                    0x0040637d
                                    0x00406380
                                    0x00406383
                                    0x00406386
                                    0x00406389
                                    0x0040638c
                                    0x0040638f
                                    0x00406392
                                    0x004063aa
                                    0x004063ad
                                    0x004063b0
                                    0x004063b3
                                    0x004063b3
                                    0x004063b6
                                    0x004063ba
                                    0x004063bc
                                    0x00406394
                                    0x00406394
                                    0x0040639c
                                    0x004063a1
                                    0x004063a3
                                    0x004063a5
                                    0x004063a5
                                    0x004063bf
                                    0x004063c6
                                    0x004063c9
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x004063cb
                                    0x00000000
                                    0x00406658
                                    0x00406658
                                    0x0040665c
                                    0x00406983
                                    0x00000000
                                    0x00406983
                                    0x00406662
                                    0x00406665
                                    0x00406668
                                    0x0040666c
                                    0x0040666f
                                    0x00406675
                                    0x00406677
                                    0x00406677
                                    0x00406677
                                    0x0040667a
                                    0x00000000
                                    0x00000000
                                    0x00406428
                                    0x00406428
                                    0x0040642b
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x00000000
                                    0x00406767
                                    0x0040676b
                                    0x0040678d
                                    0x00406790
                                    0x0040679a
                                    0x0040679d
                                    0x0040679d
                                    0x00000000
                                    0x0040679d
                                    0x0040679d
                                    0x0040676d
                                    0x00406770
                                    0x00406774
                                    0x00406777
                                    0x00406777
                                    0x0040677a
                                    0x00000000
                                    0x00000000
                                    0x00406824
                                    0x00406828
                                    0x00406846
                                    0x00406846
                                    0x00406846
                                    0x0040684d
                                    0x00406854
                                    0x0040685b
                                    0x0040685b
                                    0x00000000
                                    0x0040685b
                                    0x0040682a
                                    0x0040682d
                                    0x00406830
                                    0x00406833
                                    0x0040683a
                                    0x0040677e
                                    0x0040677e
                                    0x00406781
                                    0x00000000
                                    0x00000000
                                    0x00406915
                                    0x00406918
                                    0x00406819
                                    0x00000000
                                    0x00000000
                                    0x0040654f
                                    0x00406551
                                    0x00406558
                                    0x00406559
                                    0x0040655b
                                    0x0040655e
                                    0x00000000
                                    0x00000000
                                    0x00406566
                                    0x00406569
                                    0x0040656c
                                    0x0040656e
                                    0x00406570
                                    0x00406570
                                    0x00406571
                                    0x00406574
                                    0x0040657b
                                    0x0040657e
                                    0x0040658c
                                    0x00000000
                                    0x00000000
                                    0x00406862
                                    0x00406862
                                    0x00406865
                                    0x0040686c
                                    0x00000000
                                    0x00000000
                                    0x00406871
                                    0x00406871
                                    0x00406875
                                    0x004069ad
                                    0x00000000
                                    0x004069ad
                                    0x0040687b
                                    0x0040687e
                                    0x00406881
                                    0x00406885
                                    0x00406888
                                    0x0040688e
                                    0x00406890
                                    0x00406890
                                    0x00406890
                                    0x00406893
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406896
                                    0x00406899
                                    0x00406899
                                    0x0040689d
                                    0x004068fd
                                    0x00406900
                                    0x00406905
                                    0x00406906
                                    0x00406908
                                    0x0040690a
                                    0x0040690d
                                    0x00406819
                                    0x00406819
                                    0x00000000
                                    0x0040681f
                                    0x00406819
                                    0x0040689f
                                    0x004068a5
                                    0x004068a8
                                    0x004068ab
                                    0x004068ae
                                    0x004068b1
                                    0x004068b4
                                    0x004068b7
                                    0x004068ba
                                    0x004068bd
                                    0x004068c0
                                    0x004068d9
                                    0x004068dc
                                    0x004068df
                                    0x004068e2
                                    0x004068e6
                                    0x004068e8
                                    0x004068e8
                                    0x004068e9
                                    0x004068ec
                                    0x004068c2
                                    0x004068c2
                                    0x004068ca
                                    0x004068cf
                                    0x004068d1
                                    0x004068d4
                                    0x004068d4
                                    0x004068ef
                                    0x004068f6
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x004068f8
                                    0x00000000
                                    0x00406594
                                    0x00406597
                                    0x004065cd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x004066fd
                                    0x00406700
                                    0x00406700
                                    0x00406703
                                    0x00406705
                                    0x0040698f
                                    0x00000000
                                    0x0040698f
                                    0x0040670b
                                    0x0040670e
                                    0x00000000
                                    0x00000000
                                    0x00406714
                                    0x00406718
                                    0x0040671b
                                    0x0040671b
                                    0x0040671b
                                    0x00000000
                                    0x0040671b
                                    0x00406599
                                    0x0040659b
                                    0x0040659d
                                    0x0040659f
                                    0x004065a2
                                    0x004065a3
                                    0x004065a5
                                    0x004065a7
                                    0x004065aa
                                    0x004065ad
                                    0x004065c3
                                    0x004065c8
                                    0x00406600
                                    0x00406600
                                    0x00406604
                                    0x00406630
                                    0x00406632
                                    0x00406639
                                    0x0040663c
                                    0x0040663f
                                    0x0040663f
                                    0x00406644
                                    0x00406644
                                    0x00406646
                                    0x00406649
                                    0x00406650
                                    0x00406653
                                    0x00406680
                                    0x00406680
                                    0x00406683
                                    0x00406686
                                    0x004066fa
                                    0x004066fa
                                    0x004066fa
                                    0x00000000
                                    0x004066fa
                                    0x00406688
                                    0x0040668e
                                    0x00406691
                                    0x00406694
                                    0x00406697
                                    0x0040669a
                                    0x0040669d
                                    0x004066a0
                                    0x004066a3
                                    0x004066a6
                                    0x004066a9
                                    0x004066c2
                                    0x004066c4
                                    0x004066c7
                                    0x004066c8
                                    0x004066cb
                                    0x004066cd
                                    0x004066d0
                                    0x004066d2
                                    0x004066d4
                                    0x004066d7
                                    0x004066d9
                                    0x004066dc
                                    0x004066e0
                                    0x004066e2
                                    0x004066e2
                                    0x004066e3
                                    0x004066e6
                                    0x004066e9
                                    0x004066ab
                                    0x004066ab
                                    0x004066b3
                                    0x004066b8
                                    0x004066ba
                                    0x004066bd
                                    0x004066bd
                                    0x004066ec
                                    0x004066f3
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x0040667d
                                    0x00000000
                                    0x004066f5
                                    0x00000000
                                    0x004066f5
                                    0x004066f3
                                    0x00406606
                                    0x00406609
                                    0x0040660b
                                    0x0040660e
                                    0x00406611
                                    0x00406614
                                    0x00406616
                                    0x00406619
                                    0x0040661c
                                    0x0040661c
                                    0x0040661f
                                    0x0040661f
                                    0x00406622
                                    0x00406629
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x004065fd
                                    0x00000000
                                    0x0040662b
                                    0x00000000
                                    0x0040662b
                                    0x00406629
                                    0x004065af
                                    0x004065b2
                                    0x004065b4
                                    0x004065b7
                                    0x00000000
                                    0x00000000
                                    0x00406316
                                    0x00406316
                                    0x0040631a
                                    0x0040695f
                                    0x00000000
                                    0x0040695f
                                    0x00406320
                                    0x00406323
                                    0x00406326
                                    0x00406329
                                    0x0040632c
                                    0x0040632f
                                    0x00406332
                                    0x00406334
                                    0x00406337
                                    0x0040633a
                                    0x0040633d
                                    0x0040633f
                                    0x0040633f
                                    0x0040633f
                                    0x00000000
                                    0x00000000
                                    0x004064a1
                                    0x004064a1
                                    0x004064a5
                                    0x0040696b
                                    0x00000000
                                    0x0040696b
                                    0x004064ab
                                    0x004064ae
                                    0x004064b1
                                    0x004064b4
                                    0x004064b6
                                    0x004064b6
                                    0x004064b6
                                    0x004064b9
                                    0x004064bc
                                    0x004064bf
                                    0x004064c2
                                    0x004064c5
                                    0x004064c8
                                    0x004064c9
                                    0x004064cb
                                    0x004064cb
                                    0x004064cb
                                    0x004064ce
                                    0x004064d1
                                    0x004064d4
                                    0x004064d7
                                    0x004064d7
                                    0x004064d7
                                    0x004064da
                                    0x004064dc
                                    0x004064dc
                                    0x00000000
                                    0x00000000
                                    0x0040671e
                                    0x0040671e
                                    0x0040671e
                                    0x00406722
                                    0x00000000
                                    0x00000000
                                    0x00406728
                                    0x0040672b
                                    0x0040672e
                                    0x00406731
                                    0x00406733
                                    0x00406733
                                    0x00406733
                                    0x00406736
                                    0x00406739
                                    0x0040673c
                                    0x0040673f
                                    0x00406742
                                    0x00406745
                                    0x00406746
                                    0x00406748
                                    0x00406748
                                    0x00406748
                                    0x0040674b
                                    0x0040674e
                                    0x00406751
                                    0x00406754
                                    0x00406757
                                    0x0040675b
                                    0x0040675d
                                    0x00406760
                                    0x00000000
                                    0x00406762
                                    0x004064df
                                    0x004064df
                                    0x00000000
                                    0x004064df
                                    0x00406760
                                    0x00406995
                                    0x00000000
                                    0x00000000
                                    0x00405fc4
                                    0x004069cc
                                    0x004069cc
                                    0x00000000
                                    0x004069cc
                                    0x00406819
                                    0x004067a0
                                    0x0040679d

                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                    • Instruction ID: fa01dbb36adddbb747bc37ce8d7c8691094d52a97b4972d7f98645f49a39bfe1
                                    • Opcode Fuzzy Hash: c10b0ec6d8a1716373c4594016b158d4b4e2bf5790cbb1f15a9d43b973b4a336
                                    • Instruction Fuzzy Hash: B3715671D00229CBEF28CF98C844BADBBB1FF44305F11816AD856BB281C7795A56DF54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401B06, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 59%
                                    			E00401B06(void* __ebx, void* __edx) {
				intOrPtr _t7;
				void* _t8;
				void _t11;
				void* _t13;
				void* _t21;
				void* _t24;
				void* _t30;
				void* _t33;
				void* _t34;
				void* _t37;

				_t27 = __ebx;
				_t7 =  *((intOrPtr*)(_t37 - 0x1c));
				_t30 =  *0x40af70; // 0x6adf88
				if(_t7 == __ebx) {
					if(__edx == __ebx) {
						_t8 = GlobalAlloc(0x40, 0x404); // executed
						_t34 = _t8;
						_t4 = _t34 + 4; // 0x4
						E00405B88(__ebx, _t30, _t34, _t4,  *((intOrPtr*)(_t37 - 0x24)));
						_t11 =  *0x40af70; // 0x6adf88
						 *_t34 = _t11;
						 *0x40af70 = _t34;
					} else {
						if(_t30 == __ebx) {
							 *((intOrPtr*)(_t37 - 4)) = 1;
						} else {
							_t2 = _t30 + 4; // 0x6adf8c
							E00405B66(_t33, _t2);
							_push(_t30);
							 *0x40af70 =  *_t30;
							GlobalFree();
						}
					}
					goto L15;
				} else {
					while(1) {
						_t7 = _t7 - 1;
						if(_t30 == _t27) {
							break;
						}
						_t30 =  *_t30;
						if(_t7 != _t27) {
							continue;
						} else {
							if(_t30 == _t27) {
								break;
							} else {
								_t32 = _t30 + 4;
								E00405B66(0x409b70, _t30 + 4);
								_t21 =  *0x40af70; // 0x6adf88
								E00405B66(_t32, _t21 + 4);
								_t24 =  *0x40af70; // 0x6adf88
								_push(0x409b70);
								_push(_t24 + 4);
								E00405B66();
								L15:
								 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t37 - 4));
								_t13 = 0;
							}
						}
						goto L17;
					}
					_push(0x200010);
					_push(E00405B88(_t27, _t30, _t33, _t27, 0xffffffe8));
					E00405427();
					_t13 = 0x7fffffff;
				}
				L17:
				return _t13;
			}













                                    0x00401b06
                                    0x00401b06
                                    0x00401b09
                                    0x00401b11
                                    0x00401b59
                                    0x00401b87
                                    0x00401b90
                                    0x00401b92
                                    0x00401b96
                                    0x00401b9b
                                    0x00401ba0
                                    0x00401ba2
                                    0x00401b5b
                                    0x00401b5d
                                    0x0040265c
                                    0x00401b63
                                    0x00401b63
                                    0x00401b68
                                    0x00401b6f
                                    0x00401b70
                                    0x00401b75
                                    0x00401b75
                                    0x00401b5d
                                    0x00000000
                                    0x00401b13
                                    0x00401b13
                                    0x00401b13
                                    0x00401b16
                                    0x00000000
                                    0x00000000
                                    0x00401b1c
                                    0x00401b20
                                    0x00000000
                                    0x00401b22
                                    0x00401b24
                                    0x00000000
                                    0x00401b2a
                                    0x00401b2a
                                    0x00401b34
                                    0x00401b39
                                    0x00401b43
                                    0x00401b48
                                    0x00401b4d
                                    0x00401b51
                                    0x004027b1
                                    0x0040288b
                                    0x0040288e
                                    0x00402894
                                    0x00402894
                                    0x00401b24
                                    0x00000000
                                    0x00401b20
                                    0x004021fb
                                    0x00402208
                                    0x00402209
                                    0x0040220e
                                    0x0040220e
                                    0x00402896
                                    0x0040289a

                                    APIs
                                    • GlobalFree.KERNEL32 ref: 00401B75
                                    • GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401B87
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Global$AllocFree
                                    • String ID: Call
                                    • API String ID: 3394109436-1824292864
                                    • Opcode ID: 9b92690919ab3925ef73853116ce48ab465fb75dc046896ca91c647f4bc949d6
                                    • Instruction ID: f6df762d61d54559a5bd4bb911f236f7c2d089bf7a2c1af573ad77b5def0dbe6
                                    • Opcode Fuzzy Hash: 9b92690919ab3925ef73853116ce48ab465fb75dc046896ca91c647f4bc949d6
                                    • Instruction Fuzzy Hash: 9F2181B2A006169BC710AFA4DE85D5E73B4EB44318724463BF502F32D0DB7CB9129B5E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405A4D, Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E00405A4D(void* _a4, int _a8, char* _a12, int _a16, void* _a20) {
				long _t20;
				long _t23;
				long _t24;
				char* _t26;

				asm("sbb eax, eax");
				_t26 = _a16;
				 *_t26 = 0;
				_t20 = RegOpenKeyExA(_a4, _a8, 0,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
				if(_t20 == 0) {
					_a8 = 0x400;
					_t23 = RegQueryValueExA(_a20, _a12, 0,  &_a16, _t26,  &_a8); // executed
					if(_t23 != 0 || _a16 != 1 && _a16 != 2) {
						 *_t26 = 0;
					}
					_t26[0x3ff] = 0;
					_t24 = RegCloseKey(_a20); // executed
					return _t24;
				}
				return _t20;
			}







                                    0x00405a5d
                                    0x00405a5f
                                    0x00405a6c
                                    0x00405a76
                                    0x00405a7e
                                    0x00405a83
                                    0x00405a97
                                    0x00405a9f
                                    0x00405aad
                                    0x00405aad
                                    0x00405ab2
                                    0x00405ab8
                                    0x00000000
                                    0x00405ab8
                                    0x00405ac1

                                    APIs
                                    • RegOpenKeyExA.KERNELBASE(80000002,00405C89,00000000,00000002,?,00000002,0025A351,?,00405C89,80000002,Software\Microsoft\Windows\CurrentVersion,0025A351,Remove folder: ,0067E229), ref: 00405A76
                                    • RegQueryValueExA.KERNELBASE(0025A351,?,00000000,00405C89,0025A351,00405C89), ref: 00405A97
                                    • RegCloseKey.KERNELBASE(?), ref: 00405AB8
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CloseOpenQueryValue
                                    • String ID:
                                    • API String ID: 3677997916-0
                                    • Opcode ID: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                    • Instruction ID: 1f5187eb0d206272966296eac295dca0b6851c7ebc3b2299c22a00064415c0d3
                                    • Opcode Fuzzy Hash: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                                    • Instruction Fuzzy Hash: 5E01487114020AEFDB128F64EC84AEB3FACEF14394F004526F945E6120D335D964DFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405E88, Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405E88(signed int _a4) {
				struct HINSTANCE__* _t5;
				CHAR* _t7;
				signed int _t9;

				_t9 = _a4 << 3;
				_t7 =  *(_t9 + 0x409220);
				_t5 = GetModuleHandleA(_t7);
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t9 + 0x409224));
				}
				_t5 = LoadLibraryA(_t7); // executed
				if(_t5 != 0) {
					goto L2;
				}
				return _t5;
			}






                                    0x00405e90
                                    0x00405e93
                                    0x00405e9a
                                    0x00405ea2
                                    0x00405eaf
                                    0x00000000
                                    0x00405eb6
                                    0x00405ea5
                                    0x00405ead
                                    0x00000000
                                    0x00000000
                                    0x00405ebe

                                    APIs
                                    • GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                    • LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: AddressHandleLibraryLoadModuleProc
                                    • String ID:
                                    • API String ID: 310444273-0
                                    • Opcode ID: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                    • Instruction ID: 91087f9554edebef2dfdad95906e97f440013226b38390424b9c6ad62026e406
                                    • Opcode Fuzzy Hash: cda0668070076e7cac62d6abfc32be1e4fdfe709f191786036c768239460f4b3
                                    • Instruction Fuzzy Hash: 0FE08C32A08511BBD3115B30ED0896B77A8EA89B41304083EF959F6290D734EC119BFA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004035BD, Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 20COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004035BD() {
				void* _t1;
				void* _t2;
				void* _t4;
				void* _t7;
				signed int _t12;

				_t1 =  *0x409014; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x409014 =  *0x409014 | 0xffffffff;
				}
				_t2 =  *0x409018; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x409018 =  *0x409018 | 0xffffffff;
					_t12 =  *0x409018;
				}
				E0040361A();
				_t4 = E0040548B(_t7, _t12, "C:\\Users\\jones\\AppData\\Local\\Temp\\nsz8F4D.tmp\\", 7); // executed
				return _t4;
			}








                                    0x004035bd
                                    0x004035cc
                                    0x004035cf
                                    0x004035d1
                                    0x004035d1
                                    0x004035d8
                                    0x004035e0
                                    0x004035e3
                                    0x004035e5
                                    0x004035e5
                                    0x004035e5
                                    0x004035ec
                                    0x004035f8
                                    0x004035fe

                                    APIs
                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,0040342D,00000000), ref: 004035CF
                                    • CloseHandle.KERNEL32(FFFFFFFF,00000000,0040342D,00000000), ref: 004035E3
                                    Strings
                                    • C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\, xrefs: 004035F3
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CloseHandle
                                    • String ID: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\
                                    • API String ID: 2962429428-3105295924
                                    • Opcode ID: d5091cb339cf9ca4b2a17f3525511bedeea9812c5bf65782ecb3b679df28d270
                                    • Instruction ID: 5c77e6c533590f6c422f1e12d180fd4ee44bb6ddfd602f374d0031013ab669df
                                    • Opcode Fuzzy Hash: d5091cb339cf9ca4b2a17f3525511bedeea9812c5bf65782ecb3b679df28d270
                                    • Instruction Fuzzy Hash: 3AE08C30900610AAC234AF7CAE4594A3A1C9B413327248722F538F21F2C738AE824AAD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403EF1, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403EF1(int _a4) {
				long _t3;

				if(_a4 == 0x78) {
					 *0x42366c =  *0x42366c + 1;
				}
				_t3 = SendMessageA( *0x423ea8, 0x408, _a4, 0); // executed
				return _t3;
			}




                                    0x00403ef6
                                    0x00403ef8
                                    0x00403ef8
                                    0x00403f0f
                                    0x00403f15

                                    APIs
                                    • SendMessageA.USER32(00000408,?,00000000,00403B53), ref: 00403F0F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID: x
                                    • API String ID: 3850602802-2363233923
                                    • Opcode ID: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                                    • Instruction ID: 0a00224ba8322c10e7c5ad3fa7d0cdf23506fb3b21bf1cf3cfca3f20ccc8a775
                                    • Opcode Fuzzy Hash: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                                    • Instruction Fuzzy Hash: 29C012B2688200BECB205F12DE01F06BA31E7A0703F109039F344200B4C2B86622EB0D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                    • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                    • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                                    • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                                    • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004022A7, Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 00402B00: RegOpenKeyExA.ADVAPI32(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                    • RegDeleteValueA.ADVAPI32(00000000,00000000,00000033), ref: 004022C6
                                    • RegCloseKey.ADVAPI32(00000000), ref: 004022CF
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CloseDeleteOpenValue
                                    • String ID:
                                    • API String ID: 849931509-0
                                    • Opcode ID: c6fbd28be4fb576c1c824b197712ce80a04ff9fb8fb345fe1b7811bc65f51c46
                                    • Instruction ID: ec3bb2159187b6359b978bf82045442e623c3603711c8f759b9971cfdd6908a0
                                    • Opcode Fuzzy Hash: c6fbd28be4fb576c1c824b197712ce80a04ff9fb8fb345fe1b7811bc65f51c46
                                    • Instruction Fuzzy Hash: A8F04472A00211ABDB20BFA49F4DABF7268AB40354F10453BF601B61C1D9B94D42A66D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402866, Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • SendMessageA.USER32(?,0000000B,00000001), ref: 00402875
                                    • InvalidateRect.USER32(?), ref: 00402885
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: InvalidateMessageRectSend
                                    • String ID:
                                    • API String ID: 909852535-0
                                    • Opcode ID: 46d6f11c940701ec0eb3576edbaf6f76ecda1d887e6a847d8cdde8d99bec7f9f
                                    • Instruction ID: bcd717e7596d016e205178ba64243b8d7c77eee19d70b8784ae4534d65a4b435
                                    • Opcode Fuzzy Hash: 46d6f11c940701ec0eb3576edbaf6f76ecda1d887e6a847d8cdde8d99bec7f9f
                                    • Instruction Fuzzy Hash: 2AE08C72B00104FFDB10DF94FE959AE77BAEB44359B10007AF201F10A0D2341D00CA28
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401D95, Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                    Download Yara Rule
                                    APIs
                                    • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DAB
                                    • EnableWindow.USER32(00000000,00000000), ref: 00401DB6
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Window$EnableShow
                                    • String ID:
                                    • API String ID: 1136574915-0
                                    • Opcode ID: 01184a99a098fa4f7b5ffd0caf4b96e4eb64a91bfbc6cfc84e1934e58c82cbe0
                                    • Instruction ID: 0a77d41913575adca2a7ede6e8d56263b744db67c7fbf003078f88b8ecd5966f
                                    • Opcode Fuzzy Hash: 01184a99a098fa4f7b5ffd0caf4b96e4eb64a91bfbc6cfc84e1934e58c82cbe0
                                    • Instruction Fuzzy Hash: 24E0C272F08210DBD710FBB4AE899AE3274DB403A9B10453BF503F20C1D6B89C8196EE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040583D, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetFileAttributesA.KERNELBASE(00000003,00402CB5,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 00405841
                                    • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405863
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$AttributesCreate
                                    • String ID:
                                    • API String ID: 415043291-0
                                    • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                    • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                                    • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                                    • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0040581E, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetFileAttributesA.KERNELBASE(?,00405629,?,?,?), ref: 00405822
                                    • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405834
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: AttributesFile
                                    • String ID:
                                    • API String ID: 3188754299-0
                                    • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                    • Instruction ID: 89544605ef234ac14ed66c3b065a2d642d1346908a696065e0ba681aeed38476
                                    • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                                    • Instruction Fuzzy Hash: F8C04CB1808501ABD7056B24EF0D81F7B66EF50325B108B35F5A9E00F0C7355C66DA1A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402615, Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • FindNextFileA.KERNELBASE(00000000,?,?), ref: 00402626
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileFindNext
                                    • String ID:
                                    • API String ID: 2029273394-0
                                    • Opcode ID: 1b2096366f9d60c073af6be6c907b9621ce39872e8c26c5f5c0e0ec0b15a29fb
                                    • Instruction ID: 985f2403c07579d6712aaa9ce172f0afd7b6bd539b2011b98a7510670cf64351
                                    • Opcode Fuzzy Hash: 1b2096366f9d60c073af6be6c907b9621ce39872e8c26c5f5c0e0ec0b15a29fb
                                    • Instruction Fuzzy Hash: D7E06D32A04104DBD710EFA4AA88AEA73B8DB41348F60447BE402F21C1E2BD9A455B6A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402223, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                    Download Yara Rule
                                    APIs
                                    • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040225C
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: PrivateProfileStringWrite
                                    • String ID:
                                    • API String ID: 390214022-0
                                    • Opcode ID: b6116c209c80720ea8c5b66b32d343bdc214f8bf2523826a10554ae8e2aaa3ef
                                    • Instruction ID: 7f0f3d0bfb11d3a69440f7e30d7772d63b8707f304f836d716d69bda9ce5b450
                                    • Opcode Fuzzy Hash: b6116c209c80720ea8c5b66b32d343bdc214f8bf2523826a10554ae8e2aaa3ef
                                    • Instruction Fuzzy Hash: 31E04871F002656BDBA07AF14F8D97F115C7B84344F14027EBA15762C6E9BC4D416169
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004025CC, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004025E6
                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FilePointerwsprintf
                                    • String ID:
                                    • API String ID: 327478801-0
                                    • Opcode ID: 3059be8c82d4397c86f1532bacb28e72089f78617d9c0675f34511d3d01b3758
                                    • Instruction ID: 2b12485fa52346b996e4869e092ed6d36d9f18209e02d62845b21ba0c7d9cf2c
                                    • Opcode Fuzzy Hash: 3059be8c82d4397c86f1532bacb28e72089f78617d9c0675f34511d3d01b3758
                                    • Instruction Fuzzy Hash: 88E04876A00101ABD701F7955E89CBF7678DB50359B10453BF501F00D1C67D49429A6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004031BF, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    • ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00413040,0040B040,004030C4,00413040,00004000,?,00000000,?,00402F4E,00000004,00000000,00000000), ref: 004031D6
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileRead
                                    • String ID:
                                    • API String ID: 2738559852-0
                                    • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                    • Instruction ID: 4c5c04567c480c11bae84e94003d2882b37cb3083c3cc1db03504fe221b835f3
                                    • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                    • Instruction Fuzzy Hash: DAE08631500119BBCF215E619C00A973B5CEB09362F008033FA04E9190D532DB109BA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F18, Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ItemText
                                    • String ID:
                                    • API String ID: 3367045223-0
                                    • Opcode ID: a4344885837872da06a0b73f422c0a40da7d5145ed9eee0f172373294b1062d3
                                    • Instruction ID: 32956ba5a052c000d200729fffd4f2c944d874cb1110b62223aa4bdd109d9e57
                                    • Opcode Fuzzy Hash: a4344885837872da06a0b73f422c0a40da7d5145ed9eee0f172373294b1062d3
                                    • Instruction Fuzzy Hash: E4C08C31048200BFD241AB04CC42F1FB3A8EFA0327F00C92EB05CE00D2C634D420CE2A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F64, Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • SendMessageA.USER32(000B040E,00000000,00000000,00000000), ref: 00403F76
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                                    • Instruction ID: 4934297729c285da13a483c37f1bad53b44c21571947472378d90217470b6476
                                    • Opcode Fuzzy Hash: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                                    • Instruction Fuzzy Hash: 6CC04C71B442017AEA209F619D45F177B68A754701F5444657204A51D0C674E510D61D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F4D, Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    • SendMessageA.USER32(00000028,?,00000001,00403D7E), ref: 00403F5B
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend
                                    • String ID:
                                    • API String ID: 3850602802-0
                                    • Opcode ID: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                    • Instruction ID: 0662716cb4741bc9db58cdf5bc89cb1196afa115b106f7c4ea820954fb206898
                                    • Opcode Fuzzy Hash: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                                    • Instruction Fuzzy Hash: 17B09276685201BADA215B10DE09F457E62E764702F018064B204240B0C6B200A5DB09
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004031F1, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                    Download Yara Rule
                                    APIs
                                    • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E9D,0000E9E4), ref: 004031FF
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FilePointer
                                    • String ID:
                                    • API String ID: 973152223-0
                                    • Opcode ID: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                    • Instruction ID: eafd0aff1283cdec3023edec91852d87283cefa69c9b21bce59c6677f93a42a7
                                    • Opcode Fuzzy Hash: 2028dafccfaa88a297be93e7ba1f52e009ec02dcd94d5fd44c1761bf2bffe23e
                                    • Instruction Fuzzy Hash: 14B01271644200BFDB214F00DF06F057B21A790701F108030B344380F082712420EB1E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F3A, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                    Download Yara Rule
                                    APIs
                                    • KiUserCallbackDispatcher.NTDLL(?,00403D17), ref: 00403F44
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CallbackDispatcherUser
                                    • String ID:
                                    • API String ID: 2492992576-0
                                    • Opcode ID: 315e157356e8942ef3b8d7e2082c61631171d9164c942d8812de0ab912510814
                                    • Instruction ID: 218003202f2b1835e3bff4e9bf146b8b4f872d9b8cc4e3003fd48478f7f9154f
                                    • Opcode Fuzzy Hash: 315e157356e8942ef3b8d7e2082c61631171d9164c942d8812de0ab912510814
                                    • Instruction Fuzzy Hash: 09A002755051049BCA519B54DE048057A62A754701741C479B24551575C7315461EB6E
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004014D6, Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON
                                    Download Yara Rule
                                    APIs
                                    • Sleep.KERNELBASE(00000000), ref: 004014E5
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Sleep
                                    • String ID:
                                    • API String ID: 3472027048-0
                                    • Opcode ID: 7f2b96c0ac7e3adfbfa05993655b8384a5a1308702b52abfe92519b2179cd3a1
                                    • Instruction ID: 0e7ad585a1f0adefe16d4622bd579cc52ea23b171ff9c05291141f9a24cab872
                                    • Opcode Fuzzy Hash: 7f2b96c0ac7e3adfbfa05993655b8384a5a1308702b52abfe92519b2179cd3a1
                                    • Instruction Fuzzy Hash: F5D0C977B146009BD750EBB8AE8945A73A8EB5136A3204937D903E20D2E57CC942965D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 00404853, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478windowmemoryCOMMONCrypto
                                    Download Yara Rule
                                    C-Code - Quality: 98%
                                    			E00404853(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x423ec8; // 0x67723c
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x423eb0; // 0x676fd0
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x423eb9 & 0x00000002;
							if(( *0x423eb9 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E004047D3(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x423eb8; // 0x81
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x42047c;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x420494;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x42047c = _t315;
									 *0x420494 = _t315;
									 *0x423f00 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x423eb9 & 0x00000001;
										if(( *0x423eb9 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x423ecc - _t315; // 0x3
										_v32 =  *0x420494;
										_t196 =  *0x423ec8; // 0x67723c
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42367c; // 0x68c42a
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E004046F1(0x3ff, 0xfffffffb, E004047A6(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x677244
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x677254
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x423ecc; // 0x3
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x420494);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x423f00 = _a4;
					_t247 =  *0x423ecc; // 0x3
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x420494 = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x423ea0, 0x6e);
					 *0x420488 =  *0x420488 | 0xffffffff;
					_v24 = _t250;
					 *0x420490 = SetWindowLongA(_v8, 0xfffffffc, E00404E54);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42047c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42047c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405B88(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403F18(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403F18(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x423ecc - _t318; // 0x3
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x420494 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x420494 + _t318 * 4) = _t274;
									_t288 =  *( *0x420494 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x423ecc; // 0x3
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403F4D(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403F4D(_v12);
								L89:
								return E00403F7F(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                    0x00404871
                                    0x00404877
                                    0x00404879
                                    0x0040487f
                                    0x00404885
                                    0x00404888
                                    0x00404892
                                    0x0040489b
                                    0x0040489e
                                    0x004048a1
                                    0x00404ac9
                                    0x00404ac9
                                    0x00404ad0
                                    0x00404ae4
                                    0x00404ad2
                                    0x00404ad4
                                    0x00404ad7
                                    0x00404ad8
                                    0x00404adf
                                    0x00404adf
                                    0x00404ae7
                                    0x00404af0
                                    0x00404afb
                                    0x00404afb
                                    0x00404afe
                                    0x00404b01
                                    0x00404b10
                                    0x00404b10
                                    0x00404b17
                                    0x00404b8f
                                    0x00404b8f
                                    0x00404b92
                                    0x00404b94
                                    0x00404b97
                                    0x00404b9e
                                    0x00404bac
                                    0x00404bac
                                    0x00404bae
                                    0x00404bb1
                                    0x00404bb8
                                    0x00404bba
                                    0x00404bbe
                                    0x00404bdb
                                    0x00404bdf
                                    0x00404bdf
                                    0x00404bc0
                                    0x00404bcd
                                    0x00404bcd
                                    0x00404bbe
                                    0x00404bb8
                                    0x00000000
                                    0x00404b92
                                    0x00404b19
                                    0x00404b1c
                                    0x00404b27
                                    0x00404b29
                                    0x00404b2c
                                    0x00404b33
                                    0x00404b38
                                    0x00404b3a
                                    0x00404b44
                                    0x00404b44
                                    0x00404b48
                                    0x00404b4a
                                    0x00404b4d
                                    0x00404b4f
                                    0x00404b52
                                    0x00404b68
                                    0x00404b68
                                    0x00404b54
                                    0x00404b54
                                    0x00404b5a
                                    0x00404b5c
                                    0x00404b63
                                    0x00404b5e
                                    0x00404b5e
                                    0x00404b5e
                                    0x00404b5c
                                    0x00404b6c
                                    0x00404b6e
                                    0x00404b73
                                    0x00404b7c
                                    0x00404b7d
                                    0x00404b87
                                    0x00404b87
                                    0x00404b89
                                    0x00404b8c
                                    0x00404b8c
                                    0x00404b4d
                                    0x00000000
                                    0x00404b3a
                                    0x00404b1e
                                    0x00404b21
                                    0x00404b25
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404b25
                                    0x00404b03
                                    0x00404b0a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404af2
                                    0x00404af2
                                    0x00404af5
                                    0x00404be2
                                    0x00404be2
                                    0x00404be9
                                    0x00404c5d
                                    0x00404c5d
                                    0x00404c64
                                    0x00404c70
                                    0x00404c70
                                    0x00404c72
                                    0x00404c79
                                    0x00404c7b
                                    0x00404c80
                                    0x00404c82
                                    0x00404c85
                                    0x00404c85
                                    0x00404c8b
                                    0x00404c90
                                    0x00404c92
                                    0x00404c95
                                    0x00404c95
                                    0x00404c9b
                                    0x00404ca1
                                    0x00404ca7
                                    0x00404ca7
                                    0x00404cad
                                    0x00404cb4
                                    0x00404e01
                                    0x00404e01
                                    0x00404e08
                                    0x00404e0a
                                    0x00404e11
                                    0x00404e15
                                    0x00404e22
                                    0x00404e22
                                    0x00404e25
                                    0x00404e2b
                                    0x00404e3d
                                    0x00404e3d
                                    0x00404e11
                                    0x00000000
                                    0x00404cba
                                    0x00404cbc
                                    0x00404cc1
                                    0x00404cc4
                                    0x00404cc8
                                    0x00404cc8
                                    0x00404ccd
                                    0x00404cd0
                                    0x00404d11
                                    0x00404d13
                                    0x00404d1d
                                    0x00404d23
                                    0x00404d26
                                    0x00404d2b
                                    0x00404d32
                                    0x00404d35
                                    0x00404dd7
                                    0x00404ddd
                                    0x00404de3
                                    0x00404de8
                                    0x00404deb
                                    0x00404dfc
                                    0x00404dfc
                                    0x00000000
                                    0x00404d3b
                                    0x00404d3b
                                    0x00404d3b
                                    0x00404d3e
                                    0x00404d44
                                    0x00404d47
                                    0x00404d49
                                    0x00404d4b
                                    0x00404d4d
                                    0x00404d50
                                    0x00404d53
                                    0x00404d5a
                                    0x00404d5c
                                    0x00404d5f
                                    0x00404d66
                                    0x00404d69
                                    0x00404d69
                                    0x00404d69
                                    0x00404d69
                                    0x00404d6d
                                    0x00404d70
                                    0x00404d7c
                                    0x00404d7d
                                    0x00404d80
                                    0x00404d82
                                    0x00404d82
                                    0x00404d82
                                    0x00404d72
                                    0x00404d74
                                    0x00404d74
                                    0x00404da1
                                    0x00404da1
                                    0x00404da2
                                    0x00404dae
                                    0x00404dbd
                                    0x00404dbd
                                    0x00404dbf
                                    0x00404dc2
                                    0x00404dcb
                                    0x00404dcb
                                    0x00000000
                                    0x00404d3e
                                    0x00404cd2
                                    0x00404cdd
                                    0x00404ce0
                                    0x00404ce5
                                    0x00404ce7
                                    0x00404ce9
                                    0x00404ceb
                                    0x00404cfb
                                    0x00404d05
                                    0x00404d07
                                    0x00404d0a
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404ced
                                    0x00404ced
                                    0x00404ced
                                    0x00404cf0
                                    0x00404cf3
                                    0x00404cf5
                                    0x00404cf5
                                    0x00404cf5
                                    0x00404cf6
                                    0x00404cf7
                                    0x00404cf7
                                    0x00000000
                                    0x00404ced
                                    0x00404cd0
                                    0x00404cb4
                                    0x00404beb
                                    0x00404bf1
                                    0x00000000
                                    0x00000000
                                    0x00404bfd
                                    0x00404c01
                                    0x00000000
                                    0x00000000
                                    0x00404c11
                                    0x00404c13
                                    0x00404c16
                                    0x00000000
                                    0x00000000
                                    0x00404c28
                                    0x00404c2a
                                    0x00404c2d
                                    0x00404c37
                                    0x00404c39
                                    0x00404c3a
                                    0x00404c3b
                                    0x00404c4a
                                    0x00404c4c
                                    0x00404c53
                                    0x00404c56
                                    0x00000000
                                    0x00404c56
                                    0x00404c2f
                                    0x00404c32
                                    0x00404c35
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404c35
                                    0x00000000
                                    0x00404af5
                                    0x004048a7
                                    0x004048ac
                                    0x004048b1
                                    0x004048b6
                                    0x004048b7
                                    0x004048c0
                                    0x004048cb
                                    0x004048d6
                                    0x004048dc
                                    0x004048ea
                                    0x004048ff
                                    0x00404904
                                    0x0040490f
                                    0x00404918
                                    0x0040492d
                                    0x0040493e
                                    0x0040494b
                                    0x0040494b
                                    0x00404950
                                    0x00404956
                                    0x00404958
                                    0x0040495b
                                    0x00404960
                                    0x00404965
                                    0x00404967
                                    0x00404967
                                    0x00404987
                                    0x00404987
                                    0x00404989
                                    0x0040498a
                                    0x0040498f
                                    0x00404992
                                    0x00404995
                                    0x00404999
                                    0x0040499e
                                    0x004049a3
                                    0x004049a7
                                    0x004049ac
                                    0x004049b1
                                    0x004049b3
                                    0x004049b5
                                    0x004049bb
                                    0x00404a85
                                    0x00404a98
                                    0x00000000
                                    0x004049c1
                                    0x004049c4
                                    0x004049c7
                                    0x004049ca
                                    0x004049ca
                                    0x004049d0
                                    0x004049d6
                                    0x004049d9
                                    0x004049df
                                    0x004049e0
                                    0x004049e5
                                    0x004049ee
                                    0x004049f5
                                    0x004049f8
                                    0x004049fb
                                    0x004049fe
                                    0x00404a38
                                    0x00404a3a
                                    0x00404a63
                                    0x00404a3c
                                    0x00404a49
                                    0x00404a49
                                    0x00404a00
                                    0x00404a03
                                    0x00404a12
                                    0x00404a1c
                                    0x00404a24
                                    0x00404a2b
                                    0x00404a33
                                    0x00404a33
                                    0x004049fe
                                    0x00404a69
                                    0x00404a6a
                                    0x00404a70
                                    0x00404a76
                                    0x00404a76
                                    0x00404a83
                                    0x00404a9e
                                    0x00404aa2
                                    0x00404abf
                                    0x00404ac4
                                    0x00404ac7
                                    0x00404ac7
                                    0x00000000
                                    0x00404aa4
                                    0x00404aa9
                                    0x00404ab2
                                    0x00404e3f
                                    0x00404e51
                                    0x00404e51
                                    0x00404aa2
                                    0x00000000
                                    0x00404a83
                                    0x004049bb

                                    APIs
                                    • GetDlgItem.USER32 ref: 0040486A
                                    • GetDlgItem.USER32 ref: 00404877
                                    • GlobalAlloc.KERNEL32(00000040,00000003), ref: 004048C3
                                    • LoadBitmapA.USER32 ref: 004048D6
                                    • SetWindowLongA.USER32 ref: 004048F0
                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404904
                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404918
                                    • SendMessageA.USER32(?,00001109,00000002), ref: 0040492D
                                    • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404939
                                    • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040494B
                                    • DeleteObject.GDI32(?), ref: 00404950
                                    • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040497B
                                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404987
                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A1C
                                    • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404A47
                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A5B
                                    • GetWindowLongA.USER32 ref: 00404A8A
                                    • SetWindowLongA.USER32 ref: 00404A98
                                    • ShowWindow.USER32(?,00000005), ref: 00404AA9
                                    • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404BAC
                                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404C11
                                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404C26
                                    • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404C4A
                                    • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C70
                                    • ImageList_Destroy.COMCTL32(?), ref: 00404C85
                                    • GlobalFree.KERNEL32 ref: 00404C95
                                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404D05
                                    • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404DAE
                                    • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404DBD
                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404DDD
                                    • ShowWindow.USER32(?,00000000), ref: 00404E2B
                                    • GetDlgItem.USER32 ref: 00404E36
                                    • ShowWindow.USER32(00000000), ref: 00404E3D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                    • String ID: $<rg$M$N
                                    • API String ID: 1638840714-744593883
                                    • Opcode ID: 9d7127013aa6371c945dd951bd4b8b5fe2ec9ac9385b3123730207c7727c871c
                                    • Instruction ID: 91af9d563adbb526dddc39620d8b288a2aea1bcbb5731436b9e02a5cfbe7d22d
                                    • Opcode Fuzzy Hash: 9d7127013aa6371c945dd951bd4b8b5fe2ec9ac9385b3123730207c7727c871c
                                    • Instruction Fuzzy Hash: AB029FB0E00209AFDB21DF54DD45AAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x423eb0; // 0x676fd0
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "CL-Eye Driver Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x423ea8; // 0x0
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                    0x0040100a
                                    0x00401039
                                    0x00401047
                                    0x0040104d
                                    0x00401051
                                    0x0040105b
                                    0x00401061
                                    0x00401064
                                    0x004010f3
                                    0x00401089
                                    0x0040108c
                                    0x004010a6
                                    0x004010bd
                                    0x004010cc
                                    0x004010cf
                                    0x004010d5
                                    0x004010d9
                                    0x004010e4
                                    0x004010ed
                                    0x004010ef
                                    0x004010ef
                                    0x00401100
                                    0x00401105
                                    0x0040110d
                                    0x00401110
                                    0x00401112
                                    0x00401118
                                    0x0040111f
                                    0x00401126
                                    0x00401130
                                    0x00401142
                                    0x00401156
                                    0x00401160
                                    0x00401165
                                    0x00401165
                                    0x00401110
                                    0x0040116e
                                    0x00000000
                                    0x00401178
                                    0x00401010
                                    0x00401013
                                    0x00401015
                                    0x00401019
                                    0x0040101f
                                    0x0040101f
                                    0x00000000

                                    APIs
                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                    • BeginPaint.USER32(?,?), ref: 00401047
                                    • GetClientRect.USER32 ref: 0040105B
                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                    • FillRect.USER32 ref: 004010E4
                                    • DeleteObject.GDI32(?), ref: 004010ED
                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                    • SetTextColor.GDI32(00000000,?), ref: 00401130
                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                    • DrawTextA.USER32(00000000,CL-Eye Driver Setup,000000FF,00000010,00000820), ref: 00401156
                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                    • DeleteObject.GDI32(?), ref: 00401165
                                    • EndPaint.USER32(?,?), ref: 0040116E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                    • String ID: CL-Eye Driver Setup$F
                                    • API String ID: 941294808-3089066853
                                    • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                    • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                                    • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                                    • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404356, Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 266stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 78%
                                    			E00404356(struct HWND__* _a4, signed int _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				struct HWND__* _v12;
				long _v16;
				long _v20;
				char _v24;
				long _v28;
				char _v32;
				intOrPtr _v36;
				long _v40;
				signed int _v44;
				CHAR* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				CHAR* _v68;
				void _v72;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t81;
				long _t86;
				signed char* _t88;
				void* _t94;
				signed int _t95;
				signed short _t113;
				signed int _t117;
				char* _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				signed int* _t145;
				intOrPtr _t147;
				signed int _t148;
				signed int _t153;
				struct HWND__* _t159;
				CHAR* _t162;
				int _t163;

				_t81 =  *0x41fc70; // 0x67717c
				_v36 = _t81;
				_t162 = ( *(_t81 + 0x3c) << 0xa) + 0x424000;
				_v8 =  *((intOrPtr*)(_t81 + 0x38));
				if(_a8 == 0x40b) {
					E0040540B(0x3fb, _t162);
					E00405DC8(_t162);
				}
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040540B(0x3fb, _t162);
							if(E0040573A(_t180, _t162) == 0) {
								_v8 = 1;
							}
							E00405B66(0x41f468, _t162);
							_t145 = 0;
							_t86 = E00405E88(0);
							_v16 = _t86;
							if(_t86 == 0) {
								L31:
								E00405B66(0x41f468, _t162);
								_t88 = E004056ED(0x41f468);
								if(_t88 != _t145) {
									 *_t88 =  *_t88 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x41f468,  &_v20,  &_v28,  &_v16,  &_v40) == 0) {
									_t153 = _a8;
									goto L37;
								} else {
									_t163 = 0x400;
									_t153 = MulDiv(_v20 * _v28, _v16, 0x400);
									_v12 = 1;
									goto L38;
								}
							} else {
								if(0 == 0x41f468) {
									L30:
									_t145 = 0;
									goto L31;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t113 = _v16(0x41f468,  &_v44,  &_v24,  &_v32);
									if(_t113 != 0) {
										break;
									}
									if(_t145 != 0) {
										 *_t145 =  *_t145 & _t113;
									}
									_t145 = E004056A0(0x41f468) - 1;
									 *_t145 = 0x5c;
									if(_t145 != 0x41f468) {
										continue;
									} else {
										goto L30;
									}
								}
								_t153 = (_v40 << 0x00000020 | _v44) >> 0xa;
								_v12 = 1;
								_t145 = 0;
								L37:
								_t163 = 0x400;
								L38:
								_t94 = E004047A6(5);
								if(_v12 != _t145 && _t153 < _t94) {
									_v8 = 2;
								}
								_t147 =  *0x42367c; // 0x68c42a
								if( *((intOrPtr*)(_t147 + 0x10)) != _t145) {
									E004046F1(0x3ff, 0xfffffffb, _t94);
									if(_v12 == _t145) {
										SetDlgItemTextA(_a4, _t163, 0x41f458);
									} else {
										E004046F1(_t163, 0xfffffffc, _t153);
									}
								}
								_t95 = _v8;
								 *0x423f44 = _t95;
								if(_t95 == _t145) {
									_v8 = E0040140B(7);
								}
								if(( *(_v36 + 0x14) & _t163) != 0) {
									_v8 = _t145;
								}
								E00403F3A(0 | _v8 == _t145);
								if(_v8 == _t145 &&  *0x42048c == _t145) {
									E004042EB();
								}
								 *0x42048c = _t145;
								goto L53;
							}
						}
						_t180 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t117 = _a12 & 0x0000ffff;
					if(_t117 != 0x3fb) {
						L12:
						if(_t117 == 0x3e9) {
							_t148 = 7;
							memset( &_v72, 0, _t148 << 2);
							_v76 = _a4;
							_v68 = 0x4204a0;
							_v56 = E0040468B;
							_v52 = _t162;
							_v64 = E00405B88(0x3fb, 0x4204a0, _t162, 0x41f870, _v8);
							_t122 =  &_v76;
							_v60 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405659(_t162);
								_t124 =  *0x423eb0; // 0x676fd0
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t162 == "C:\\Program Files (x86)\\Code Laboratories\\CL-Eye Driver") {
									E00405B88(0x3fb, 0x4204a0, _t162, 0, _t125);
									if(lstrcmpiA(0x422e40, 0x4204a0) != 0) {
										lstrcatA(_t162, 0x422e40);
									}
								}
								 *0x42048c =  &(( *0x42048c)[0]);
								SetDlgItemTextA(_a4, 0x3fb, _t162);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t159 = _a4;
					_v12 = GetDlgItem(_t159, 0x3fb);
					if(E004056C6(_t162) != 0 && E004056ED(_t162) == 0) {
						E00405659(_t162);
					}
					 *0x423678 = _t159;
					SetWindowTextA(_v12, _t162);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403F18(_t159);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403F18(_t159);
					E00403F4D(_v12);
					_t138 = E00405E88(7);
					if(_t138 == 0) {
						L53:
						return E00403F7F(_a8, _a12, _a16);
					}
					 *_t138(_v12, 1);
					goto L8;
				}
			}








































                                    0x0040435c
                                    0x00404363
                                    0x0040436f
                                    0x0040437d
                                    0x00404385
                                    0x00404389
                                    0x0040438f
                                    0x0040438f
                                    0x0040439b
                                    0x0040440f
                                    0x00404416
                                    0x004044eb
                                    0x004044f2
                                    0x00404501
                                    0x00404501
                                    0x00404505
                                    0x0040450b
                                    0x00404518
                                    0x0040451a
                                    0x0040451a
                                    0x00404528
                                    0x0040452d
                                    0x00404530
                                    0x00404537
                                    0x0040453a
                                    0x00404571
                                    0x00404573
                                    0x00404579
                                    0x00404580
                                    0x00404582
                                    0x00404582
                                    0x0040459e
                                    0x004045da
                                    0x00000000
                                    0x004045a0
                                    0x004045a3
                                    0x004045b7
                                    0x004045b9
                                    0x00000000
                                    0x004045b9
                                    0x0040453c
                                    0x00404540
                                    0x0040456f
                                    0x0040456f
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00404542
                                    0x00404542
                                    0x0040454f
                                    0x00404554
                                    0x00000000
                                    0x00000000
                                    0x00404558
                                    0x0040455a
                                    0x0040455a
                                    0x00404565
                                    0x00404568
                                    0x0040456d
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040456d
                                    0x004045c8
                                    0x004045cf
                                    0x004045d6
                                    0x004045dd
                                    0x004045dd
                                    0x004045e2
                                    0x004045e4
                                    0x004045ec
                                    0x004045f2
                                    0x004045f2
                                    0x004045f9
                                    0x00404602
                                    0x0040460c
                                    0x00404614
                                    0x0040462a
                                    0x00404616
                                    0x0040461a
                                    0x0040461a
                                    0x00404614
                                    0x0040462f
                                    0x00404634
                                    0x00404639
                                    0x00404642
                                    0x00404642
                                    0x0040464b
                                    0x0040464d
                                    0x0040464d
                                    0x00404659
                                    0x00404661
                                    0x0040466b
                                    0x0040466b
                                    0x00404670
                                    0x00000000
                                    0x00404670
                                    0x0040453a
                                    0x004044f4
                                    0x004044fb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004044fb
                                    0x0040441c
                                    0x00404422
                                    0x0040443c
                                    0x00404441
                                    0x0040444b
                                    0x00404452
                                    0x00404461
                                    0x00404464
                                    0x00404467
                                    0x0040446e
                                    0x00404476
                                    0x00404479
                                    0x0040447d
                                    0x00404484
                                    0x0040448c
                                    0x004044e4
                                    0x0040448e
                                    0x0040448f
                                    0x00404496
                                    0x0040449b
                                    0x004044a0
                                    0x004044a8
                                    0x004044b5
                                    0x004044c9
                                    0x004044cd
                                    0x004044cd
                                    0x004044c9
                                    0x004044d2
                                    0x004044dd
                                    0x004044dd
                                    0x0040448c
                                    0x00000000
                                    0x00404441
                                    0x0040442f
                                    0x00000000
                                    0x00000000
                                    0x00404435
                                    0x00000000
                                    0x0040439d
                                    0x0040439d
                                    0x004043a9
                                    0x004043b3
                                    0x004043c0
                                    0x004043c0
                                    0x004043c6
                                    0x004043cf
                                    0x004043d8
                                    0x004043db
                                    0x004043de
                                    0x004043e6
                                    0x004043e9
                                    0x004043ec
                                    0x004043f4
                                    0x004043fb
                                    0x00404402
                                    0x00404676
                                    0x00404688
                                    0x00404688
                                    0x0040440d
                                    0x00000000
                                    0x0040440d

                                    APIs
                                    • GetDlgItem.USER32 ref: 004043A2
                                    • SetWindowTextA.USER32(?,?), ref: 004043CF
                                    • SHBrowseForFolderA.SHELL32(?,0041F870,?), ref: 00404484
                                    • CoTaskMemFree.OLE32(00000000), ref: 0040448F
                                    • lstrcmpiA.KERNEL32(Remove folder: ,004204A0,00000000,?,?), ref: 004044C1
                                    • lstrcatA.KERNEL32(?,Remove folder: ), ref: 004044CD
                                    • SetDlgItemTextA.USER32 ref: 004044DD
                                      • Part of subcall function 0040540B: GetDlgItemTextA.USER32 ref: 0040541E
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                      • Part of subcall function 00405DC8: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                      • Part of subcall function 00405DC8: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                    • GetDiskFreeSpaceA.KERNEL32(0041F468,?,?,0000040F,?,0041F468,0041F468,?,00000000,0041F468,?,?,000003FB,?), ref: 00404596
                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004045B1
                                    • SetDlgItemTextA.USER32 ref: 0040462A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                    • String ID: A$C:\Program Files (x86)\Code Laboratories\CL-Eye Driver$Remove folder: $|qg
                                    • API String ID: 2246997448-2801715172
                                    • Opcode ID: 3cdee0d3b15a5f473c4b90c9f3f5b15abf96d87614e60a3eade95cc215b2791d
                                    • Instruction ID: fa341535892c43c3a67d7fcafb17cb6574160925603278dae289bcadb551eaae
                                    • Opcode Fuzzy Hash: 3cdee0d3b15a5f473c4b90c9f3f5b15abf96d87614e60a3eade95cc215b2791d
                                    • Instruction Fuzzy Hash: 2D9170B1900218BBDB11AFA1CD84AAF7BB8EF45314F10847BF704B6291D77C9A41DB59
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004058B4, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E004058B4() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405E88(1);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x423f30 =  *0x423f30 + 1;
						return _t20;
					}
				}
				 *0x422630 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x4220a8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x421ca8, "%s=%s\r\n", 0x422630, 0x4220a8);
						_t18 =  *0x423eb0; // 0x676fd0
						_t56 = _t55 + 0x10;
						E00405B88(_t43, 0x400, 0x4220a8, 0x4220a8,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040583D(0x4220a8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E004057B2(_t51, "[Rename]\r\n") != 0) {
								_t28 = E004057B2(_t26 + 0xa, 0x409350);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E004057FE(_t51 + _t29, 0x421ca8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405B66(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040583D(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x422630, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                    0x004058ba
                                    0x004058c1
                                    0x004058c5
                                    0x004058ce
                                    0x004058d2
                                    0x00405a11
                                    0x00405a11
                                    0x00000000
                                    0x00405a11
                                    0x004058d2
                                    0x004058de
                                    0x004058f4
                                    0x0040591c
                                    0x00405927
                                    0x0040592b
                                    0x0040594b
                                    0x0040594d
                                    0x00405952
                                    0x0040595c
                                    0x00405969
                                    0x0040596e
                                    0x00405973
                                    0x00405977
                                    0x00000000
                                    0x00000000
                                    0x00405986
                                    0x00405988
                                    0x00405995
                                    0x00405999
                                    0x00405a0a
                                    0x00405a0b
                                    0x00000000
                                    0x004059b5
                                    0x004059c2
                                    0x00405a27
                                    0x00405a2e
                                    0x004059d5
                                    0x004059d5
                                    0x004059d7
                                    0x004059e0
                                    0x004059eb
                                    0x004059fd
                                    0x00405a04
                                    0x00000000
                                    0x00405a04
                                    0x00405a30
                                    0x00405a31
                                    0x00405a36
                                    0x00405a38
                                    0x00405a45
                                    0x00405a45
                                    0x00405a49
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405a3a
                                    0x00405a3a
                                    0x00405a3d
                                    0x00405a40
                                    0x00405a41
                                    0x00000000
                                    0x00405a3a
                                    0x004059cd
                                    0x004059d2
                                    0x00000000
                                    0x004059d2
                                    0x00405999
                                    0x004058f6
                                    0x00405901
                                    0x0040590a
                                    0x0040590e
                                    0x00000000
                                    0x00000000
                                    0x0040590e
                                    0x00405a1b

                                    APIs
                                      • Part of subcall function 00405E88: GetModuleHandleA.KERNEL32(?,?,00000000,0040327F,00000008), ref: 00405E9A
                                      • Part of subcall function 00405E88: LoadLibraryA.KERNELBASE(?,?,00000000,0040327F,00000008), ref: 00405EA5
                                      • Part of subcall function 00405E88: GetProcAddress.KERNEL32(00000000,?), ref: 00405EB6
                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405649,?,00000000,000000F1,?), ref: 00405901
                                    • GetShortPathNameA.KERNEL32(?,00422630,00000400), ref: 0040590A
                                    • GetShortPathNameA.KERNEL32(00000000,004220A8,00000400), ref: 00405927
                                    • wsprintfA.USER32 ref: 00405945
                                    • GetFileSize.KERNEL32(00000000,00000000,004220A8,C0000000,00000004,004220A8,?,?,?,00000000,000000F1,?), ref: 00405980
                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 0040598F
                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004059A5
                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA8,00000000,-0000000A,00409350,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004059EB
                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004059FD
                                    • GlobalFree.KERNEL32 ref: 00405A04
                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A0B
                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                      • Part of subcall function 004057B2: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                    • String ID: %s=%s$0&B$[Rename]
                                    • API String ID: 3772915668-951905037
                                    • Opcode ID: 05dc510c935a9252d183404297d509aa55311242524adffaf7837e6f51b89b1c
                                    • Instruction ID: 8912a0e40cac8f66f34925055924fb713260e7a12edb00ecfb1cfbef244c1689
                                    • Opcode Fuzzy Hash: 05dc510c935a9252d183404297d509aa55311242524adffaf7837e6f51b89b1c
                                    • Instruction Fuzzy Hash: D9411332B05B11BBD3216B61AD88F6B3A5CDB84715F140136FE05F22C2E678A801CEBD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405DC8, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405DC8(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E004056C6(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E00405684("*?|<>/\":", _t5))) == 0) {
							E004057FE(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                    0x00405dca
                                    0x00405dd2
                                    0x00405de6
                                    0x00405de6
                                    0x00405dec
                                    0x00405df9
                                    0x00405df9
                                    0x00405dfa
                                    0x00405dfc
                                    0x00405e00
                                    0x00405e02
                                    0x00405e0b
                                    0x00405e0d
                                    0x00405e27
                                    0x00405e2f
                                    0x00405e2f
                                    0x00405e34
                                    0x00405e36
                                    0x00405e38
                                    0x00405e3c
                                    0x00405e3d
                                    0x00405e40
                                    0x00405e48
                                    0x00405e4a
                                    0x00405e4e
                                    0x00000000
                                    0x00000000
                                    0x00405e54
                                    0x00405e59
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00405e59
                                    0x00405e5e

                                    APIs
                                    • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E20
                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405E2D
                                    • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E32
                                    • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,C:\Users\user\AppData\Local\Temp\,00000000,00403214,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405E42
                                    Strings
                                    • "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install, xrefs: 00405DCE
                                    • *?|<>/":, xrefs: 00405E10
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DC9, 00405E04
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Char$Next$Prev
                                    • String ID: "C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                    • API String ID: 589700163-1429231952
                                    • Opcode ID: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                    • Instruction ID: 3b6179abbfe29fc78842bf11aa846075366cc437f950451d76d565b88bc2b460
                                    • Opcode Fuzzy Hash: d60fa47d96b079028a76cfcdb2d30976ede71f36b1f4f1e1bc9c50cb25bd2be5
                                    • Instruction Fuzzy Hash: A0110861805B9129EB3227284C48BBB7F89CF66754F18447FD8C4722C2C67C5D429FAD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403F7F, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403F7F(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                    0x00403f91
                                    0x00404025
                                    0x00000000
                                    0x00404025
                                    0x00403fa2
                                    0x00403fa6
                                    0x00000000
                                    0x00000000
                                    0x00403fac
                                    0x00403fb5
                                    0x00403fb8
                                    0x00403fb8
                                    0x00403fbe
                                    0x00403fc4
                                    0x00403fc4
                                    0x00403fd0
                                    0x00403fd6
                                    0x00403fdd
                                    0x00403fe0
                                    0x00403fe3
                                    0x00403fe5
                                    0x00403fe5
                                    0x00403fed
                                    0x00403ff3
                                    0x00403ff3
                                    0x00403ffd
                                    0x00404002
                                    0x00404005
                                    0x0040400a
                                    0x0040400d
                                    0x0040400d
                                    0x0040401d
                                    0x0040401d
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                    • String ID:
                                    • API String ID: 2320649405-0
                                    • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                    • Instruction ID: 4cc26f8bf5fc777f430f8318c3ba194748f169832e683f7fcd21add738ba3f9d
                                    • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                    • Instruction Fuzzy Hash: C221C371904705ABCB209F78DD08B4BBBF8AF40711F048A29F992F26E0C738E904CB55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402BD3, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00402BD3(intOrPtr _a4) {
				char _v68;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x41704c; // 0x0
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x41704c = 0;
					return _t15;
				}
				__eflags =  *0x41704c; // 0x0
				if(__eflags != 0) {
					return E00405EC1(0);
				}
				_t6 = GetTickCount();
				__eflags = _t6 -  *0x423eac;
				if(_t6 >  *0x423eac) {
					__eflags =  *0x423ea8; // 0x0
					if(__eflags == 0) {
						_t7 = CreateDialogParamA( *0x423ea0, 0x6f, 0, E00402B3B, 0);
						 *0x41704c = _t7;
						return ShowWindow(_t7, 5);
					}
					__eflags =  *0x423f54 & 0x00000001;
					if(( *0x423f54 & 0x00000001) != 0) {
						wsprintfA( &_v68, "... %d%%", E00402BB7());
						return E00404F04(0,  &_v68);
					}
				}
				return _t6;
			}







                                    0x00402bdf
                                    0x00402be1
                                    0x00402be8
                                    0x00402beb
                                    0x00402beb
                                    0x00402bf1
                                    0x00000000
                                    0x00402bf1
                                    0x00402bf9
                                    0x00402bff
                                    0x00000000
                                    0x00402c02
                                    0x00402c09
                                    0x00402c0f
                                    0x00402c15
                                    0x00402c17
                                    0x00402c1d
                                    0x00402c5b
                                    0x00402c64
                                    0x00000000
                                    0x00402c69
                                    0x00402c1f
                                    0x00402c26
                                    0x00402c37
                                    0x00000000
                                    0x00402c45
                                    0x00402c26
                                    0x00402c71

                                    APIs
                                    • DestroyWindow.USER32(00000000,00000000), ref: 00402BEB
                                    • GetTickCount.KERNEL32 ref: 00402C09
                                    • wsprintfA.USER32 ref: 00402C37
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000,?), ref: 00404F3D
                                      • Part of subcall function 00404F04: lstrlenA.KERNEL32(00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C4A,00000000), ref: 00404F4D
                                      • Part of subcall function 00404F04: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00402C4A,00402C4A,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,00000000,00000000,00000000), ref: 00404F60
                                      • Part of subcall function 00404F04: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\), ref: 00404F72
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F98
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FB2
                                      • Part of subcall function 00404F04: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FC0
                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C5B
                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C69
                                      • Part of subcall function 00402BB7: MulDiv.KERNEL32(0002F569,00000064,0002FC52), ref: 00402BCC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                    • String ID: ... %d%%
                                    • API String ID: 722711167-2449383134
                                    • Opcode ID: 17bdaf27663d9d1b2b81c0b918eaf4f945a095ba4556a5c22c1c6286d7ec1668
                                    • Instruction ID: c44cf6bb529b7c61e0c77009ed50883557557090b8ffabf6f859222ef57aaf40
                                    • Opcode Fuzzy Hash: 17bdaf27663d9d1b2b81c0b918eaf4f945a095ba4556a5c22c1c6286d7ec1668
                                    • Instruction Fuzzy Hash: C6016170949210EBD7215F61EE4DA9F7B78AB04701B14403BF502B11E5C6BC9A01CBAE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004047D3, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004047D3(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                    0x004047e1
                                    0x004047ee
                                    0x004047f4
                                    0x00404832
                                    0x00404832
                                    0x00404841
                                    0x00404848
                                    0x00000000
                                    0x0040484a
                                    0x004047f6
                                    0x00404805
                                    0x0040480d
                                    0x00404810
                                    0x00404822
                                    0x00404828
                                    0x0040482f
                                    0x00000000
                                    0x0040482f
                                    0x00000000

                                    APIs
                                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004047EE
                                    • GetMessagePos.USER32 ref: 004047F6
                                    • ScreenToClient.USER32 ref: 00404810
                                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404822
                                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404848
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Message$Send$ClientScreen
                                    • String ID: f
                                    • API String ID: 41195575-1993550816
                                    • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                    • Instruction ID: 01d6173a61c3c3b4b037133c9a52f1e04ee3049876a8ff08b59bebc5d15cf036
                                    • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                                    • Instruction Fuzzy Hash: BA018075D40218BADB00DB94CC41BFEBBBCAB55711F10412ABB00B61C0C3B46501CB95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00402B3B, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00402B3B(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				void* _t11;
				CHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00402BB7();
					_t19 = "unpacking data: %d%%";
					if( *0x423eb0 == 0) {
						_t19 = "verifying installer: %d%%";
					}
					wsprintfA( &_v68, _t19, _t11);
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                    0x00402b48
                                    0x00402b56
                                    0x00402b5c
                                    0x00402b5c
                                    0x00402b6a
                                    0x00402b6c
                                    0x00402b78
                                    0x00402b7d
                                    0x00402b7f
                                    0x00402b7f
                                    0x00402b8a
                                    0x00402b9a
                                    0x00402bac
                                    0x00402bac
                                    0x00402bb4

                                    APIs
                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                    • wsprintfA.USER32 ref: 00402B8A
                                    • SetWindowTextA.USER32(?,?), ref: 00402B9A
                                    • SetDlgItemTextA.USER32 ref: 00402BAC
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Text$ItemTimerWindowwsprintf
                                    • String ID: unpacking data: %d%%$verifying installer: %d%%
                                    • API String ID: 1451636040-1158693248
                                    • Opcode ID: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                    • Instruction ID: 39266fd7d8b3d51d4259f470751267aa52f8e49dbca779dff7f29341b6a717b4
                                    • Opcode Fuzzy Hash: a19141f3df1e0a3c8b8c2abcbd515ef60a2dd56e778219f0b9cb34bd20a9fb2d
                                    • Instruction Fuzzy Hash: AFF03671900109ABEF255F51DD0ABEE3779FB00305F008036FA05B51D1D7F9AA559F99
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00403978, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00403978(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405ADD(__ecx, "1033");
				while(1) {
					_t26 =  *0x423ee4; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x423eb0; // 0x676fd0
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x423ee0;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x423680 = _t18[1];
					 *0x423f48 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42367c = _t23;
						E00405AC4(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x420478, E00405B88(_t13, _t24, _t26, "CL-Eye Driver Setup", 0xfffffffe));
						_t11 =  *0x423ecc; // 0x3
						_t27 =  *0x423ec8; // 0x67723c
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x677254
								_t11 = E00405B88(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                    0x0040397c
                                    0x00403981
                                    0x00403987
                                    0x0040398c
                                    0x0040398c
                                    0x00403994
                                    0x00000000
                                    0x00000000
                                    0x00403996
                                    0x0040399c
                                    0x004039a4
                                    0x004039a6
                                    0x004039ac
                                    0x004039ac
                                    0x004039ae
                                    0x004039ba
                                    0x00000000
                                    0x00000000
                                    0x004039be
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004039c0
                                    0x004039c5
                                    0x004039ce
                                    0x004039d4
                                    0x004039d9
                                    0x004039ed
                                    0x004039f8
                                    0x00403a10
                                    0x00403a16
                                    0x00403a1b
                                    0x00403a23
                                    0x00403a44
                                    0x00403a44
                                    0x00403a44
                                    0x00403a25
                                    0x00403a27
                                    0x00403a27
                                    0x00403a2b
                                    0x00403a2e
                                    0x00403a32
                                    0x00403a32
                                    0x00403a37
                                    0x00403a3d
                                    0x00403a3d
                                    0x00000000
                                    0x00403a27
                                    0x004039db
                                    0x004039e0
                                    0x004039e9
                                    0x004039e2
                                    0x004039e2
                                    0x004039e2
                                    0x004039e0

                                    APIs
                                    • SetWindowTextA.USER32(00000000,CL-Eye Driver Setup), ref: 00403A10
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: TextWindow
                                    • String ID: 1033$<rg$C:\Users\user\AppData\Local\Temp\$CL-Eye Driver Setup
                                    • API String ID: 530164218-3001107171
                                    • Opcode ID: 3de9c273dcbb814963b36f795d2ecfd45048fc62fbd5e49154c857ec1ced3a84
                                    • Instruction ID: 09623374405f0611f065d620c03919b516a5f167df25bc0d5edc66fe9dc562c0
                                    • Opcode Fuzzy Hash: 3de9c273dcbb814963b36f795d2ecfd45048fc62fbd5e49154c857ec1ced3a84
                                    • Instruction Fuzzy Hash: F611C2B1B005109BC730DF15D880A73767DEB84716369413BE94167391C77EAE028E58
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401D1B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 67%
                                    			E00401D1B() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 0x34)), 0x5a);
				0x40af74->lfHeight =  ~(MulDiv(E004029D9(2), _t6, 0x48));
				 *0x40af84 = E004029D9(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x14));
				 *0x40af8b = 1;
				 *0x40af88 = _t11 & 0x00000001;
				 *0x40af89 = _t11 & 0x00000002;
				 *0x40af8a = _t11 & 0x00000004;
				E00405B88(_t18, _t24, _t26, "MS Shell Dlg",  *((intOrPtr*)(_t28 - 0x20)));
				_t14 = CreateFontIndirectA(0x40af74);
				_push(_t14);
				_push(_t26);
				E00405AC4();
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                    0x00401d29
                                    0x00401d42
                                    0x00401d4c
                                    0x00401d51
                                    0x00401d5c
                                    0x00401d63
                                    0x00401d75
                                    0x00401d7b
                                    0x00401d80
                                    0x00401d8a
                                    0x004024b8
                                    0x00401561
                                    0x00402833
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • GetDC.USER32(?), ref: 00401D22
                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                    • CreateFontIndirectA.GDI32(0040AF74), ref: 00401D8A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CapsCreateDeviceFontIndirect
                                    • String ID: MS Shell Dlg
                                    • API String ID: 3272661963-76309092
                                    • Opcode ID: 65d6d6c3eade4a3ebb09d4d6b1d43c63415d6ff7796dc61260d2c7023a1fee7c
                                    • Instruction ID: d83410998d1654a5337f8c322709d39cf2ce3a8a4f0330bc6585c9693e616625
                                    • Opcode Fuzzy Hash: 65d6d6c3eade4a3ebb09d4d6b1d43c63415d6ff7796dc61260d2c7023a1fee7c
                                    • Instruction Fuzzy Hash: E1F044F1A45342AEE7016770AE0ABA93B649725306F100576F541BA1E2C5BC10149B7F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004046F1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 51%
                                    			E004046F1(int _a4, intOrPtr _a8, unsigned int _a12) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t26;
				void* _t34;
				signed int _t36;
				signed int _t39;
				unsigned int _t46;

				_t46 = _a12;
				_push(0x14);
				_pop(0);
				_t34 = 0xffffffdc;
				if(_t46 < 0x100000) {
					_push(0xa);
					_pop(0);
					_t34 = 0xffffffdd;
				}
				if(_t46 < 0x400) {
					_t34 = 0xffffffde;
				}
				if(_t46 < 0xffff3333) {
					_t39 = 0x14;
					asm("cdq");
					_t46 = _t46 + 1 / _t39;
				}
				_push(E00405B88(_t34, 0, _t46,  &_v36, 0xffffffdf));
				_push(E00405B88(_t34, 0, _t46,  &_v68, _t34));
				_t21 = _t46 & 0x00ffffff;
				_t36 = 0xa;
				_push(((_t46 & 0x00ffffff) + _t21 * 4 + (_t46 & 0x00ffffff) + _t21 * 4 >> 0) % _t36);
				_push(_t46 >> 0);
				_t26 = E00405B88(_t34, 0, 0x4204a0, 0x4204a0, _a8);
				wsprintfA(_t26 + lstrlenA(0x4204a0), "%u.%u%s%s");
				return SetDlgItemTextA( *0x423678, _a4, 0x4204a0);
			}













                                    0x004046f9
                                    0x004046fd
                                    0x00404705
                                    0x00404708
                                    0x00404709
                                    0x0040470b
                                    0x0040470d
                                    0x00404710
                                    0x00404710
                                    0x00404717
                                    0x0040471d
                                    0x0040471d
                                    0x00404724
                                    0x0040472f
                                    0x00404730
                                    0x00404733
                                    0x00404733
                                    0x00404740
                                    0x0040474b
                                    0x0040474e
                                    0x00404760
                                    0x00404767
                                    0x00404768
                                    0x00404777
                                    0x00404787
                                    0x004047a3

                                    APIs
                                    • lstrlenA.KERNEL32(004204A0,004204A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404611,000000DF,0000040F,00000400,00000000), ref: 0040477F
                                    • wsprintfA.USER32 ref: 00404787
                                    • SetDlgItemTextA.USER32 ref: 0040479A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: ItemTextlstrlenwsprintf
                                    • String ID: %u.%u%s%s
                                    • API String ID: 3540041739-3551169577
                                    • Opcode ID: c1bf9231fe92aebf28e2bf8449a75e77e369f05ec6904c2f29ee4e7a53275fee
                                    • Instruction ID: e1128f73888b2767c9277aed1687fd20c93e739cc52df1aac9c0a45a5a8dde9d
                                    • Opcode Fuzzy Hash: c1bf9231fe92aebf28e2bf8449a75e77e369f05ec6904c2f29ee4e7a53275fee
                                    • Instruction Fuzzy Hash: 7311E2736001243BDB10666D9C46EEF3699DBC6335F14423BFA25F61D1E938AC5286A8
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004053C6, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004053C6(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x4224a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x4224a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                    0x004053cf
                                    0x004053eb
                                    0x004053f3
                                    0x004053f8
                                    0x00000000
                                    0x004053fe
                                    0x00405402

                                    APIs
                                    • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A8,Error launching installer), ref: 004053EB
                                    • CloseHandle.KERNEL32(?), ref: 004053F8
                                    Strings
                                    • Error launching installer, xrefs: 004053D9
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004053C6
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CloseCreateHandleProcess
                                    • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                    • API String ID: 3712363035-1785902839
                                    • Opcode ID: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                    • Instruction ID: 069b69ca15cd8b990da55ccc95fe3be7356009797bdfa18ab8f6d6c8c96e71ef
                                    • Opcode Fuzzy Hash: 3b814a6f076d0ba9038e170a1e0f3647fdefee354992cb10a65e7e77ca0a2381
                                    • Instruction Fuzzy Hash: A3E0ECB4A00219BFDB00AF64ED49AAB7BBDEB00305F90C522A911E2150D775D8118AB9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00405659, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00405659(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                    0x0040565a
                                    0x00405671
                                    0x00405679
                                    0x00405679
                                    0x00405681

                                    APIs
                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 0040565F
                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403226,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403386), ref: 00405668
                                    • lstrcatA.KERNEL32(?,00409010), ref: 00405679
                                    Strings
                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405659
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharPrevlstrcatlstrlen
                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                    • API String ID: 2659869361-3081826266
                                    • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                    • Instruction ID: d5422d5486d5b384c4dcc02911800b35c31fcf4388d9dde419d5dff5703c7688
                                    • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                    • Instruction Fuzzy Hash: 8BD05272605A202ED2022A258C05E9B7A28CF06311B044866B540B2292C6386D818AEE
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00401EC5, Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 85%
                                    			E00401EC5(char __ebx, char* __edi, char* __esi) {
				char* _t18;
				int _t19;
				void* _t30;

				_t18 = E004029F6(0xffffffee);
				 *(_t30 - 0x2c) = _t18;
				_t19 = GetFileVersionInfoSizeA(_t18, _t30 - 0x30);
				 *__esi = __ebx;
				 *(_t30 - 8) = _t19;
				 *__edi = __ebx;
				 *((intOrPtr*)(_t30 - 4)) = 1;
				if(_t19 != __ebx) {
					__eax = GlobalAlloc(0x40, __eax);
					 *(__ebp + 8) = __eax;
					if(__eax != __ebx) {
						if(__eax != 0) {
							__ebp - 0x44 = __ebp - 0x34;
							if(VerQueryValueA( *(__ebp + 8), 0x409010, __ebp - 0x34, __ebp - 0x44) != 0) {
								 *(__ebp - 0x34) = E00405AC4(__esi,  *((intOrPtr*)( *(__ebp - 0x34) + 8)));
								 *(__ebp - 0x34) = E00405AC4(__edi,  *((intOrPtr*)( *(__ebp - 0x34) + 0xc)));
								 *((intOrPtr*)(__ebp - 4)) = __ebx;
							}
						}
						_push( *(__ebp + 8));
						GlobalFree();
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t30 - 4));
				return 0;
			}






                                    0x00401ec7
                                    0x00401ecf
                                    0x00401ed4
                                    0x00401ed9
                                    0x00401edd
                                    0x00401ee0
                                    0x00401ee2
                                    0x00401ee9
                                    0x00401ef2
                                    0x00401efa
                                    0x00401efd
                                    0x00401f12
                                    0x00401f18
                                    0x00401f2b
                                    0x00401f34
                                    0x00401f40
                                    0x00401f45
                                    0x00401f45
                                    0x00401f2b
                                    0x00401f48
                                    0x00401b75
                                    0x00401b75
                                    0x00401efd
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                    • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                    • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                      • Part of subcall function 00405AC4: wsprintfA.USER32 ref: 00405AD1
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                    • String ID:
                                    • API String ID: 1404258612-0
                                    • Opcode ID: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                    • Instruction ID: 178fa6cf4330108057832d0c189c0e5a27020503733a18e797ef1cc5e9d7aef6
                                    • Opcode Fuzzy Hash: be50ba22476c795dccddfbd46c0b19e6aec7ed87346bdfd2eed6167faf837e67
                                    • Instruction Fuzzy Hash: 52113A71A00108BEDB01EFA5DD819AEBBB9EB48344B20853AF501F61E1D7389A54DB28
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004056ED, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004056ED(CHAR* _a4) {
				CHAR* _t3;
				char* _t5;
				CHAR* _t7;
				CHAR* _t8;
				void* _t10;

				_t8 = _a4;
				_t7 = CharNextA(_t8);
				_t3 = CharNextA(_t7);
				if( *_t8 == 0 ||  *_t7 != 0x5c3a) {
					if( *_t8 != 0x5c5c) {
						L8:
						return 0;
					}
					_t10 = 2;
					while(1) {
						_t10 = _t10 - 1;
						_t5 = E00405684(_t3, 0x5c);
						if( *_t5 == 0) {
							goto L8;
						}
						_t3 = _t5 + 1;
						if(_t10 != 0) {
							continue;
						}
						return _t3;
					}
					goto L8;
				} else {
					return CharNextA(_t3);
				}
			}








                                    0x004056f6
                                    0x004056fd
                                    0x00405700
                                    0x00405705
                                    0x00405718
                                    0x00405732
                                    0x00000000
                                    0x00405732
                                    0x0040571c
                                    0x0040571d
                                    0x00405720
                                    0x00405721
                                    0x00405729
                                    0x00000000
                                    0x00000000
                                    0x0040572b
                                    0x0040572e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0040572e
                                    0x00000000
                                    0x0040570e
                                    0x00000000
                                    0x0040570f

                                    APIs
                                    • CharNextA.USER32(0040549F,?,C:\,00000000,00405751,C:\,C:\,?,?,73BCF560,0040549F,?,"C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe" /install,73BCF560), ref: 004056FB
                                    • CharNextA.USER32(00000000), ref: 00405700
                                    • CharNextA.USER32(00000000), ref: 0040570F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharNext
                                    • String ID: C:\
                                    • API String ID: 3213498283-3404278061
                                    • Opcode ID: 48d170df000bd52d6530e74bc6e21c30bbb8ee0efc11f7a91444a9d932de86af
                                    • Instruction ID: 78d2da9fff81111ace552b99da8146ab0c55ee08e32a6a48318d29482ea338b5
                                    • Opcode Fuzzy Hash: 48d170df000bd52d6530e74bc6e21c30bbb8ee0efc11f7a91444a9d932de86af
                                    • Instruction Fuzzy Hash: 5AF0A751945A219AEB3262AC4C44B7B5B9CDB95720F144437E100BB1D1C6BC4C82AFAA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00404E54, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00404E54(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x420488 != _t22) {
							 *0x420488 = _t22;
							E00405B66(0x4204a0, 0x424000);
							E00405AC4(0x424000, _t22);
							E0040140B(6);
							E00405B66(0x424000, 0x4204a0);
						}
						L11:
						return CallWindowProcA( *0x420490, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E004047D3(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403F64(0x413);
				return 0;
			}




                                    0x00404e60
                                    0x00404e85
                                    0x00404ea5
                                    0x00404ea8
                                    0x00404eab
                                    0x00404ec2
                                    0x00404ec8
                                    0x00404ecf
                                    0x00404ed6
                                    0x00404edd
                                    0x00404ee2
                                    0x00404ee8
                                    0x00000000
                                    0x00404ef8
                                    0x00404e92
                                    0x00404ee5
                                    0x00404ee5
                                    0x00000000
                                    0x00404ee5
                                    0x00404e9e
                                    0x00404ea0
                                    0x00000000
                                    0x00404ea0
                                    0x00404e66
                                    0x00000000
                                    0x00000000
                                    0x00404e6d
                                    0x00000000

                                    APIs
                                    • IsWindowVisible.USER32(?), ref: 00404E8A
                                    • CallWindowProcA.USER32 ref: 00404EF8
                                      • Part of subcall function 00403F64: SendMessageA.USER32(000B040E,00000000,00000000,00000000), ref: 00403F76
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: Window$CallMessageProcSendVisible
                                    • String ID:
                                    • API String ID: 3748168415-3916222277
                                    • Opcode ID: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                    • Instruction ID: 62f3a1a08e098275047049d4f9968a6b4933f6b7f921e7009373277d82a30415
                                    • Opcode Fuzzy Hash: 1a28ca64547386e1a64dd11c64f6ae458e1df03769ff3acb3952d776ac0a4b66
                                    • Instruction Fuzzy Hash: D1116D71900208BBDB21AF52DC4499B3669FB84369F00803BF6047A2E2C37C5A519BAD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004024BE, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004024BE(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x1c)) == __ebx) {
					_t7 = lstrlenA(E004029F6(0x11));
				} else {
					E004029D9(1);
					 *0x409f70 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405ADD(_t17 + 8, _t15), "C:\Users\jones\AppData\Local\Temp\nsz8F4D.tmp\System.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x423f28 =  *0x423f28 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                    0x004024be
                                    0x004024be
                                    0x004024c1
                                    0x004024dc
                                    0x004024c3
                                    0x004024c5
                                    0x004024ca
                                    0x004024d1
                                    0x004024e3
                                    0x0040265c
                                    0x0040265c
                                    0x004024e9
                                    0x004024fb
                                    0x004015a6
                                    0x004015a8
                                    0x00000000
                                    0x004015ae
                                    0x004015a8
                                    0x0040288e
                                    0x0040289a

                                    APIs
                                    • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                    • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                    Strings
                                    • C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\System.dll, xrefs: 004024CA, 004024EF
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: FileWritelstrlen
                                    • String ID: C:\Users\user\AppData\Local\Temp\nsz8F4D.tmp\System.dll
                                    • API String ID: 427699356-117184085
                                    • Opcode ID: aeb33319f1ae75ac5a293ebd3faabad394e91247697e6cefe37e7ee81cc22ed1
                                    • Instruction ID: 2c1f07a632d72534084a5ac00d75746702f795d1104bf50e8da4b719a2e94720
                                    • Opcode Fuzzy Hash: aeb33319f1ae75ac5a293ebd3faabad394e91247697e6cefe37e7ee81cc22ed1
                                    • Instruction Fuzzy Hash: BCF08972A44245FFD710EBB19E49EAF7668DB00348F14443BB142F51C2D6FC5982976D
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004056A0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004056A0(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                    0x004056a1
                                    0x004056ab
                                    0x004056ad
                                    0x004056b4
                                    0x004056bc
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004056bc
                                    0x004056be
                                    0x004056c3

                                    APIs
                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 004056A6
                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CDE,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,C:\Users\user\Desktop\CL-Eye-Driver-5.3.0.0341-Emuline.exe,80000000,00000003), ref: 004056B4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: CharPrevlstrlen
                                    • String ID: C:\Users\user\Desktop
                                    • API String ID: 2709904686-224404859
                                    • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                    • Instruction ID: 6658d1b0ab05e5211e75f0b74aef41c49d7b43cb9628f8e009f88ad9fa15a52a
                                    • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                    • Instruction Fuzzy Hash: C5D0A772409DB02EF30352108C04B8F7A98CF17300F0948A2E440E21D0C27C5C818FFD
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004057B2, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004057B2(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                    0x004057be
                                    0x004057c0
                                    0x004057e8
                                    0x004057cd
                                    0x004057d2
                                    0x004057dd
                                    0x00000000
                                    0x004057fa
                                    0x004057e6
                                    0x004057e6
                                    0x00000000

                                    APIs
                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057B9
                                    • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057D2
                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004057E0
                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059C0,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057E9
                                    Memory Dump Source
                                    • Source File: 00000001.00000002.779748392.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                    • Associated: 00000001.00000002.779739344.0000000000400000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779763734.0000000000407000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779771902.0000000000409000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779792450.0000000000421000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779803705.0000000000428000.00000004.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779815023.0000000000436000.00000002.00020000.sdmp Download File
                                    • Associated: 00000001.00000002.779824324.000000000043C000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_1_2_400000_CL-Eye-Driver-5.jbxd
                                    Similarity
                                    • API ID: lstrlen$CharNextlstrcmpi
                                    • String ID:
                                    • API String ID: 190613189-0
                                    • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                    • Instruction ID: 042c172281cf084eebf1820456e7eb749b121a10276c912c68532230cfd8689c
                                    • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                    • Instruction Fuzzy Hash: BBF0A736249D51DBC2029B295C44E6FBEA4EF95355F14057EF440F3180D335AC11ABBB
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Analysis Process: CertMgr.exe PID: 2108 Parent PID: 6764 CertMgr.exeCOMMON

                                    Executed Functions

                                    Function 00467E7F, Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 226encryptionmemoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 128 467e7f-467eb2 HeapSetInformation call 4617f3 131 4680ec 128->131 132 467eb8-467ed5 LoadStringW 128->132 133 4680f1-4680f7 call 468f8e 131->133 132->131 134 467edb-467eef LoadStringW 132->134 138 4680fc-4680fd 133->138 134->131 136 467ef5-467f0e LoadStringA 134->136 136->131 137 467f14-467f29 LoadStringW 136->137 137->131 139 467f2f-467f44 LoadStringW 137->139 140 4680fe-468108 138->140 139->131 141 467f4a-467f62 LoadStringW 139->141 142 468110-468117 140->142 143 46810a-46810b call 468f35 140->143 141->131 144 467f68-467f6c 141->144 146 46811f-468126 142->146 147 468119-46811a call 468f35 142->147 143->142 148 467fde-467fe1 144->148 149 467f6e-467f7f CryptUIDlgCertMgr 144->149 151 46812e-468135 146->151 152 468128-468129 call 468f35 146->152 147->146 153 467f92-467fa1 148->153 154 467fe3-467fea call 463822 148->154 155 467f84-467f8d 149->155 157 468137-468138 CryptMsgClose 151->157 158 46813e-468142 151->158 152->151 160 467fa3-467fa7 153->160 161 467fca-467fd9 call 4634b4 153->161 170 467fec-467ff1 call 461864 154->170 171 468009-468034 call 464b58 154->171 155->133 157->158 162 468144-468149 CertCloseStore 158->162 163 46814f-46815d call 4686c7 158->163 160->161 166 467fa9-467fb0 160->166 174 467ff6-467ffd 161->174 175 467fdb 161->175 162->163 172 467fb2-467fb7 166->172 173 467fb9-467fc6 call 462675 166->173 170->140 183 468036-46803b 171->183 184 46803d-46804a 171->184 172->148 173->170 186 467fc8 173->186 174->170 180 467fff-468004 call 461a02 174->180 175->148 180->140 187 46805f-46806c call 468f8e 183->187 188 46806e-468071 184->188 189 46804c-46804f 184->189 186->148 187->131 193 4680a5-4680ac 188->193 194 468073-468075 188->194 189->188 191 468051-468058 189->191 191->188 195 46805a 191->195 196 4680ae-4680b8 call 467934 193->196 197 4680ba-4680c1 193->197 199 468087-468091 call 466d37 194->199 200 468077-468085 call 46644e 194->200 195->187 196->131 196->197 202 4680c3-4680c6 call 466f07 197->202 203 4680cf-4680d6 197->203 199->131 211 468093-4680a4 call 468f8e 199->211 200->131 200->199 212 4680cb-4680cd 202->212 203->155 208 4680dc-4680e6 call 4673e5 203->208 208->131 208->155 211->193 212->131 212->203
                                    C-Code - Quality: 50%
                                    			E00467E7F(void* __ebx, void* __edx, void* __edi, void* __esi, char _a4, signed short** _a8) {
				signed int _v8;
				short _v28;
				short _v48;
				char _v52;
				signed int _v56;
				signed short** _v60;
				int _v80;
				signed int _t41;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				signed short* _t63;
				void* _t71;
				intOrPtr _t72;
				void* _t74;
				void* _t84;
				int _t85;
				int _t86;
				signed int _t87;
				signed char _t92;
				void* _t97;
				signed short** _t99;
				void* _t100;
				void* _t103;
				signed int _t105;

				_t97 = __edx;
				_t41 =  *0x46a078; // 0x4cbb1deb
				_v8 = _t41 ^ _t105;
				_v56 = _v56 | 0xffffffff;
				_t99 = _a8;
				_v52 = 0;
				__imp__HeapSetInformation(0, 1, 0, 0, __edi, __esi, __ebx);
				if(E004617F3() == 0) {
					L41:
					_push(0x1773);
					goto L42;
				} else {
					_t85 = 0xa;
					if(LoadStringW( *0x46a7f8, 0x17a2,  &_v48, _t85) == 0 || LoadStringW( *0x46a7f8, 0x17a3,  &_v28, _t85) == 0 || LoadStringA( *0x46a7f8, 0x1b58, "<NULL>", _t85) == 0 || LoadStringW( *0x46a7f8, 0x1b59, ?str?, _t85) == 0 || LoadStringW( *0x46a7f8, 0x1b5a, ?str?, _t85) == 0) {
						goto L41;
					} else {
						_t86 = 0x14;
						if(LoadStringW( *0x46a7f8, 0x1b5b, L"<UNKNOWN OID>", _t86) == 0) {
							goto L41;
						} else {
							if(_a4 != 1) {
								while(1) {
									_t20 =  &_a4;
									 *_t20 = _a4 - 1;
									if( *_t20 == 0) {
										break;
									}
									_t99 =  &(_t99[1]);
									_t63 =  *_t99;
									_t87 =  *_t63 & 0x0000ffff;
									_v60 = _t99;
									if(_t87 == _v48 || _t87 == _v28) {
										if(E004634B4( &_a4,  &_v60) == 0) {
											if( *0x46a830 != 1) {
												goto L20;
											} else {
												E00461A02();
											}
										} else {
											_t99 = _v60;
											continue;
										}
									} else {
										if( *0x46a83c != 0) {
											if(E00462675(0x46a84c, _t63) == 0) {
												L20:
												E00461864();
											} else {
												continue;
											}
										} else {
											 *0x46a83c = _t63;
											continue;
										}
									}
									goto L43;
								}
								if(E00463822() != 0) {
									_t71 = E00464B58( &_v52, _t87, _t97,  *0x46a83c,  *0x46a834,  *0x46a070,  *0x46a854,  *0x46a85c, 1,  &_v52); // executed
									if(_t71 != 0) {
										_t72 =  *0x46a820; // 0x0
										_t92 =  *0x46a7fc; // 0x2
										if(_t72 == 0 || (_t92 & 0x00000004) == 0 ||  *0x46a840 == 0) {
											if((_t92 & 0x00000001) == 0) {
												L35:
												if(( *0x46a7fc & 0x00000004) == 0 || E00467934(_t97, _v52) != 0) {
													if(( *0x46a7fc & 0x00000002) == 0) {
														L39:
														if(( *0x46a7fc & 0x00000008) == 0 || E004673E5(_t86, _t97, _v52) != 0) {
															goto L9;
														} else {
															goto L41;
														}
													} else {
														_t74 = E00466F07(_t86, _t97, _v52); // executed
														if(_t74 == 0) {
															goto L41;
														} else {
															goto L39;
														}
													}
												} else {
													goto L41;
												}
											} else {
												if(_t72 == 0 || E0046644E(_t97, _t72,  *0x46a800) != 0) {
													if(E00466D37(_t97, _v52) == 0) {
														goto L41;
													} else {
														_push(0x1c0b);
														_push( *0x46a7f8);
														E00468F8E();
														goto L35;
													}
												} else {
													goto L41;
												}
											}
										} else {
											_push(0x1c2b);
											goto L29;
										}
									} else {
										_push(0x17b0);
										L29:
										_push( *0x46a7f8);
										E00468F8E();
										goto L41;
									}
									goto L42;
								} else {
									goto L20;
								}
							} else {
								asm("stosd");
								asm("stosd");
								asm("stosd");
								asm("stosd");
								asm("stosd");
								_push( &_v80);
								_v80 = _t86;
								L0046931A();
								L9:
								_v56 = _v56 & 0x00000000;
								_push(0x1772);
								L42:
								_push( *0x46a7f8); // executed
								E00468F8E(); // executed
							}
						}
					}
				}
				L43:
				_t46 =  *0x46a854; // 0x0
				_pop(_t100);
				_pop(_t103);
				_pop(_t84);
				if(_t46 != 0) {
					E00468F35(_t46, _t46);
				}
				_t47 =  *0x46a864; // 0x0
				if(_t47 != 0) {
					E00468F35(_t47, _t47);
				}
				_t48 =  *0x46a814; // 0x0
				if(_t48 != 0) {
					E00468F35(_t48, _t48);
				}
				_t49 =  *0x46a820; // 0x0
				if(_t49 != 0) {
					__imp__CryptMsgClose(_t49);
				}
				if(_v52 != 0) {
					__imp__CertCloseStore(_v52, 0);
				}
				return E004686C7(_v56, _t84, _v8 ^ _t105, _t97, _t100, _t103);
			}





























                                    0x00467e7f
                                    0x00467e87
                                    0x00467e8e
                                    0x00467e91
                                    0x00467e98
                                    0x00467ea2
                                    0x00467ea5
                                    0x00467eb2
                                    0x004680ec
                                    0x004680ec
                                    0x00000000
                                    0x00467eb8
                                    0x00467ec0
                                    0x00467ed5
                                    0x00000000
                                    0x00467f4a
                                    0x00467f4c
                                    0x00467f62
                                    0x00000000
                                    0x00467f68
                                    0x00467f6c
                                    0x00467fde
                                    0x00467fde
                                    0x00467fde
                                    0x00467fe1
                                    0x00000000
                                    0x00000000
                                    0x00467f92
                                    0x00467f95
                                    0x00467f97
                                    0x00467f9a
                                    0x00467fa1
                                    0x00467fd9
                                    0x00467ffd
                                    0x00000000
                                    0x00467fff
                                    0x00467fff
                                    0x00467fff
                                    0x00467fdb
                                    0x00467fdb
                                    0x00000000
                                    0x00467fdb
                                    0x00467fa9
                                    0x00467fb0
                                    0x00467fc6
                                    0x00467fec
                                    0x00467fec
                                    0x00467fc8
                                    0x00000000
                                    0x00467fc8
                                    0x00467fb2
                                    0x00467fb2
                                    0x00000000
                                    0x00467fb2
                                    0x00467fb0
                                    0x00000000
                                    0x00467fa1
                                    0x00467fea
                                    0x0046802d
                                    0x00468034
                                    0x0046803d
                                    0x00468042
                                    0x0046804a
                                    0x00468071
                                    0x004680a5
                                    0x004680ac
                                    0x004680c1
                                    0x004680cf
                                    0x004680d6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004680c3
                                    0x004680c6
                                    0x004680cd
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x004680cd
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00468073
                                    0x00468075
                                    0x00468091
                                    0x00000000
                                    0x00468093
                                    0x00468093
                                    0x00468098
                                    0x0046809e
                                    0x00000000
                                    0x004680a4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00468075
                                    0x0046805a
                                    0x0046805a
                                    0x00000000
                                    0x0046805a
                                    0x00468036
                                    0x00468036
                                    0x0046805f
                                    0x0046805f
                                    0x00468065
                                    0x00000000
                                    0x0046806b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00467f6e
                                    0x00467f73
                                    0x00467f74
                                    0x00467f75
                                    0x00467f76
                                    0x00467f77
                                    0x00467f7b
                                    0x00467f7c
                                    0x00467f7f
                                    0x00467f84
                                    0x00467f84
                                    0x00467f88
                                    0x004680f1
                                    0x004680f1
                                    0x004680f7
                                    0x004680fd
                                    0x00467f6c
                                    0x00467f62
                                    0x00467ed5
                                    0x004680fe
                                    0x004680fe
                                    0x00468103
                                    0x00468104
                                    0x00468105
                                    0x00468108
                                    0x0046810b
                                    0x0046810b
                                    0x00468110
                                    0x00468117
                                    0x0046811a
                                    0x0046811a
                                    0x0046811f
                                    0x00468126
                                    0x00468129
                                    0x00468129
                                    0x0046812e
                                    0x00468135
                                    0x00468138
                                    0x00468138
                                    0x00468142
                                    0x00468149
                                    0x00468149
                                    0x0046815d

                                    APIs
                                    • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 00467EA5
                                      • Part of subcall function 004617F3: GetModuleHandleA.KERNEL32(00000000,00467EB0), ref: 004617F5
                                    • LoadStringW.USER32(000017A2,?,0000000A), ref: 00467ED1
                                    • LoadStringW.USER32(000017A3,?,0000000A), ref: 00467EEB
                                    • LoadStringA.USER32 ref: 00467F06
                                    • LoadStringW.USER32(00001B59,SHA1,0000000A), ref: 00467F25
                                    • LoadStringW.USER32(00001B5A,MD5,0000000A), ref: 00467F40
                                    • LoadStringW.USER32(00001B5B,<UNKNOWN OID>,00000014), ref: 00467F5E
                                    • CryptUIDlgCertMgr.CRYPTUI(?), ref: 00467F7F
                                    • CryptMsgClose.CRYPT32(00000000), ref: 00468138
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00468149
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString$CertCloseCrypt$HandleHeapInformationModuleStore
                                    • String ID: <NULL>$<UNKNOWN OID>$MD5$SHA1
                                    • API String ID: 215360622-1563267417
                                    • Opcode ID: 2feb60fe862775e6329be3a7f97ec3c0e84aea24876764fed0ec9c771196f9ad
                                    • Instruction ID: 2f16cdbd215e0a3a4ef4da2a8c77983a1ae9d90842c134f7845a0d58fcc9e25f
                                    • Opcode Fuzzy Hash: 2feb60fe862775e6329be3a7f97ec3c0e84aea24876764fed0ec9c771196f9ad
                                    • Instruction Fuzzy Hash: FD71C270604605EAEB106B61DD45FAB3BB9AB00745F05452BF900B22A1FFB9DC95CE1F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00468A1F, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 393 468a1f-468a2c SetUnhandledExceptionFilter
                                    C-Code - Quality: 100%
                                    			E00468A1F() {

				SetUnhandledExceptionFilter(E004689D7); // executed
				return 0;
			}



                                    0x00468a24
                                    0x00468a2c

                                    APIs
                                    • SetUnhandledExceptionFilter.KERNELBASE(Function_000089D7), ref: 00468A24
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled
                                    • String ID:
                                    • API String ID: 3192549508-0
                                    • Opcode ID: 11778088dbcf066f21cef129c2d4b3c09031ad7a63fea501d9e87fe8a512bda2
                                    • Instruction ID: 3c30e9dc9adc4b29b7ad8f4e98e03fa1c7970768d15cc12ecc4ea16c08246720
                                    • Opcode Fuzzy Hash: 11778088dbcf066f21cef129c2d4b3c09031ad7a63fea501d9e87fe8a512bda2
                                    • Instruction Fuzzy Hash: A79002A0251540664F0017B15D4979626A05A587027554567A602D4464FE944044551F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00466F07, Relevance: 33.4, APIs: 22, Instructions: 395encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 466f07-466f3e 1 4673c6-4673d8 call 468f8e 0->1 2 466f44-466f4b 0->2 8 4673da-4673dd 1->8 2->1 4 466f51-466f67 CertOpenStore 2->4 6 466f75-466f80 4->6 7 466f69-466f70 4->7 10 466f86-466f8c 6->10 11 467010-467017 6->11 9 4673b1-4673c0 call 468f8e 7->9 37 4673c1-4673c4 9->37 14 466fa7-466fae 10->14 15 466f8e-466f99 call 461dc3 10->15 12 46713f-467146 11->12 13 46701d-467023 11->13 17 467240-467246 12->17 18 46714c-467152 12->18 19 4670e3-4670ea 13->19 20 467029-467036 call 461dc3 13->20 23 466fb4-466fd9 CertFindCertificateInStore 14->23 24 467048-46704f 14->24 15->11 43 466f9b-466fa2 15->43 35 4672c3-4672c9 17->35 36 467248-467252 call 461a5b 17->36 27 4671dd-4671e4 18->27 28 467158-467165 call 461dc3 18->28 33 467177-467187 call 462100 19->33 34 4670f0-46710a call 461cd9 19->34 20->12 63 46703c-467043 20->63 25 466fe7-466ff6 CertAddCertificateContextToStore 23->25 26 466fdb-466fe2 23->26 30 467070-467079 24->30 31 467051-467059 24->31 47 467004-46700d CertFreeCertificateContext 25->47 48 466ff8-466fff 25->48 46 4672f3-4672f6 26->46 41 4671e6-46720b CertFindCTLInStore 27->41 42 467260-467270 call 4621ed 27->42 28->17 78 46716b-467172 28->78 38 46705a-467062 call 461fb6 30->38 31->38 80 467195-467199 33->80 81 467189-467190 33->81 74 46710c-467113 34->74 75 467118-467127 CertAddCRLContextToStore 34->75 39 4672e0-4672e3 call 464da0 35->39 40 4672cb-4672d5 call 461c45 35->40 36->35 76 467254-46725b 36->76 37->8 96 467064-46706b 38->96 97 46707b-467080 38->97 67 4672e8-4672ea 39->67 40->39 84 4672d7-4672de 40->84 54 46720d-467214 41->54 55 467219-467228 CertAddCRLContextToStore 41->55 94 467272-467279 42->94 95 46727e-467282 42->95 58 4673a1-4673af CertCloseStore 43->58 56 46731d-467328 46->56 57 4672f8-467301 CertFreeCertificateContext 46->57 47->11 48->46 68 467312-467314 54->68 70 467236-46723d CertFreeCRLContext 55->70 71 46722a-467231 55->71 72 46734d-467352 56->72 73 46732a-467330 56->73 69 467304-467306 57->69 58->9 58->37 63->56 67->56 85 4672ec 67->85 68->56 87 467316-467317 CertFreeCRLContext 68->87 69->56 86 467308-46730f CertFreeCRLContext 69->86 70->17 71->68 92 467377-46737c 72->92 93 467354-46735a 72->93 88 467332-467347 CertFreeCertificateContext 73->88 89 467349-46734c free 73->89 74->69 90 467135-46713c CertFreeCRLContext 75->90 91 467129-467130 75->91 76->56 78->56 82 4671bc 80->82 83 46719b-4671a1 80->83 81->56 82->12 101 4671be-4671d0 call 466b9f 82->101 98 4671a3-4671ae CertAddCRLContextToStore 83->98 84->56 85->46 86->68 87->56 88->88 88->89 89->72 90->12 91->69 92->58 104 46737e-467384 92->104 102 467373-467376 free 93->102 103 46735c-467371 CertFreeCRLContext 93->103 94->56 105 467284-46728a 95->105 106 4672a2 95->106 96->56 99 467096-467099 97->99 100 467082-467088 97->100 98->12 107 4671b0-4671b7 98->107 109 4670c0 99->109 110 46709b-4670a1 99->110 100->11 108 46708a-467091 100->108 101->107 122 4671d2-4671db 101->122 102->92 103->102 103->103 112 467386-46739b CertFreeCRLContext 104->112 113 46739d-4673a0 free 104->113 114 46728c-467297 CertAddCRLContextToStore 105->114 106->17 115 4672a4-4672b6 call 466c6b 106->115 107->56 108->56 109->11 118 4670c6-4670d6 call 4666c9 109->118 116 4670a3-4670ae CertAddCertificateContextToStore 110->116 112->112 112->113 113->58 114->17 119 467299-4672a0 114->119 115->119 126 4672b8-4672c1 115->126 116->11 121 4670b4-4670bb 116->121 118->121 127 4670d8-4670e1 118->127 119->56 121->56 122->98 126->114 127->116
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 00466F5C
                                    • CertCloseStore.CRYPT32(?,00000000), ref: 004673A5
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertStore$CloseOpen
                                    • String ID:
                                    • API String ID: 2191479384-0
                                    • Opcode ID: 7b8da1b0b8058465aa4b7026ee9ecc554eb4f28fd6a2cfb4c097b9567b38867e
                                    • Instruction ID: 47f77aaec915dc1db14bf19b06cfeab1f81d7d3ea5bfa7cf18cedd3b1d23bfbf
                                    • Opcode Fuzzy Hash: 7b8da1b0b8058465aa4b7026ee9ecc554eb4f28fd6a2cfb4c097b9567b38867e
                                    • Instruction Fuzzy Hash: 38E16C70D08208EBCF119F91DD449EEBBB9EB45348F24446BE901B2260F7795A81DF6B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00464B58, Relevance: 18.2, APIs: 12, Instructions: 190encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 217 464b58-464b70 218 464b76-464b79 217->218 219 464d92 217->219 218->219 221 464b7f-464b83 218->221 220 464d94-464d98 219->220 222 464b85-464b8f 221->222 223 464b9f-464ba2 221->223 224 464b92 CertOpenStore 222->224 225 464c04-464c0d call 4625ea 223->225 226 464ba4-464ba8 223->226 228 464b98-464b9a 224->228 234 464c33-464c3d call 4624d4 225->234 235 464c0f-464c15 225->235 229 464bf6-464c02 226->229 230 464baa-464bc8 CertOpenStore 226->230 232 464d84-464d86 228->232 229->224 230->219 233 464bce-464bd5 230->233 232->219 236 464d88-464d90 232->236 233->232 237 464bdb-464bf4 CertCloseStore CertOpenStore 233->237 242 464c63-464c64 call 46255f 234->242 243 464c3f-464c45 234->243 238 464c27-464c2e 235->238 239 464c17-464c21 235->239 236->220 237->228 238->232 239->232 239->238 247 464c69-464c6d 242->247 244 464c57-464c5e 243->244 245 464c47-464c51 243->245 244->232 245->232 245->244 248 464c93-464caa CertOpenStore 247->248 249 464c6f-464c75 247->249 248->236 252 464cb0-464cbc call 463c7e 248->252 250 464c87-464c8e 249->250 251 464c77-464c81 249->251 250->232 251->232 251->250 252->236 255 464cc2-464cd4 call 462445 252->255 258 464d77-464d7a 255->258 259 464cda-464cf7 CertOpenStore 255->259 258->232 260 464d7c-464d7f call 468f35 258->260 259->258 261 464cf9-464d11 CertAddEncodedCTLToStore 259->261 260->232 261->258 263 464d13-464d2b CertAddEncodedCRLToStore 261->263 263->258 264 464d2d-464d45 CertAddEncodedCertificateToStore 263->264 264->258 265 464d47-464d63 CertCloseStore CertOpenStore 264->265 265->258 266 464d65-464d75 CertOpenStore 265->266 266->258
                                    APIs
                                    • CertOpenStore.CRYPT32(0000000A,00000000,?,?), ref: 00464B92
                                    • CertOpenStore.CRYPT32(0000000A,00000000,?,?), ref: 00464BC2
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00464BDD
                                    • CertOpenStore.CRYPT32(0000000A,00000000,?,?), ref: 00464BF2
                                    • CertOpenStore.CRYPT32(00000008,00000000,00000000,?), ref: 00464CA4
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 00464CF1
                                    • CertAddEncodedCTLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00464D09
                                    • CertAddEncodedCRLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00464D23
                                    • CertAddEncodedCertificateToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00464D3D
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00464D49
                                    • CertOpenStore.CRYPT32(00000005,00000000,00000000,?), ref: 00464D5D
                                    • CertOpenStore.CRYPT32(00000006,00000000,00000000,?), ref: 00464D73
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertStore$Open$Encoded$Close$Certificate
                                    • String ID:
                                    • API String ID: 2200726460-0
                                    • Opcode ID: 2045838963a3ba496d0e59d37c40610b64839b1feb5748da7e9f708b1887816f
                                    • Instruction ID: 5b0d1f53130091b831e15c0e5c9ee108e2ad80ffffb560248a7694def0011d75
                                    • Opcode Fuzzy Hash: 2045838963a3ba496d0e59d37c40610b64839b1feb5748da7e9f708b1887816f
                                    • Instruction Fuzzy Hash: 37517C31900654FECF21AFA5CC44EAB7AB8FBC9754F044626F605B2220F3754951DB6B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00461DC3, Relevance: 13.6, APIs: 9, Instructions: 91encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 267 461dc3-461de2 268 461de4-461deb 267->268 269 461e0a-461e0e 267->269 270 461dff-461e08 CertEnumCertificatesInStore 268->270 271 461e10-461e17 269->271 272 461e3b-461e3f 269->272 270->269 275 461ded-461dfc CertAddCertificateContextToStore 270->275 276 461e2f-461e39 CertEnumCTLsInStore 271->276 273 461e75 272->273 274 461e41-461e4c 272->274 278 461e7c-461e7e 273->278 277 461e68-461e73 CertGetCRLFromStore 274->277 275->278 279 461dfe 275->279 276->272 280 461e19-461e2a CertAddCRLContextToStore 276->280 277->273 281 461e4e-461e5f CertAddCRLContextToStore 277->281 282 461e87-461e8a 278->282 283 461e80-461e81 CertFreeCertificateContext 278->283 279->270 280->278 284 461e2c 280->284 281->278 285 461e61-461e65 281->285 286 461e95-461e9b 282->286 287 461e8c-461e8f CertFreeCRLContext 282->287 283->282 284->276 285->277 288 461ea6-461eaa 286->288 289 461e9d-461ea0 CertFreeCRLContext 286->289 287->286 289->288
                                    APIs
                                    • CertAddCertificateContextToStore.CRYPT32(?,00000000,00000003,00000000), ref: 00461DF4
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00461E02
                                    • CertAddCRLContextToStore.CRYPT32(?,?,00000003,00000000), ref: 00461E22
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00461E32
                                    • CertAddCRLContextToStore.CRYPT32(?,?,00000003,00000000), ref: 00461E57
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00461E6C
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00461E81
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00461E8F
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00461EA0
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextStore$Free$CertificateEnum$CertificatesFrom
                                    • String ID:
                                    • API String ID: 121226512-0
                                    • Opcode ID: 22e69239f8d4c000df8cc65a23fa867a74807f5df864e5361619318513085223
                                    • Instruction ID: 508d4b10372ea74cab833c81dbac62739cbe3ce0a163f4ebc62c3cf1a1768f21
                                    • Opcode Fuzzy Hash: 22e69239f8d4c000df8cc65a23fa867a74807f5df864e5361619318513085223
                                    • Instruction Fuzzy Hash: 91314F35900259FBDF229FA0DC44ADFBF79EF04750F184066F905A2170E3B68A91DB96
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00469087, Relevance: 9.1, APIs: 6, Instructions: 96fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 290 469087-4690a2 291 469181 290->291 292 4690a8-4690ad 290->292 294 469186-46918a 291->294 292->291 293 4690b3-4690b6 292->293 293->291 295 4690bc-4690c1 293->295 295->291 296 4690c7-4690eb call 469349 295->296 299 469106-469117 GetFileSize 296->299 300 4690ed-4690f5 GetLastError 296->300 299->300 303 469119-46911c 299->303 301 4690f7-4690fc 300->301 302 469101-469104 300->302 301->302 304 469158-46915b 302->304 305 469127-46913a CreateFileMappingA 303->305 306 46911e-469125 303->306 307 46915d-469162 304->307 309 46916e-469171 304->309 305->300 308 46913c-46914c MapViewOfFile 305->308 306->307 307->309 311 469164-46916b CloseHandle 307->311 308->300 310 46914e-469156 308->310 312 469173-469176 FindCloseChangeNotification 309->312 313 46917c-46917f 309->313 310->304 311->309 312->313 313->294
                                    C-Code - Quality: 85%
                                    			E00469087(long _a4, void* _a8, void** _a12, void** _a16) {
				long _v8;
				long _v12;
				long _v16;
				void* _t22;
				long _t24;
				signed int _t25;
				void* _t28;
				void* _t31;
				void* _t32;
				void** _t33;
				void** _t38;

				_t22 = _a8;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				if(_t22 == 0) {
					L20:
					return 0x80070057;
				}
				_t33 = _a12;
				if(_t33 == 0 || _a4 == 0) {
					goto L20;
				} else {
					_t38 = _a16;
					if(_t38 == 0) {
						goto L20;
					}
					_push(0);
					_push(0x80);
					_push(3);
					_push(0);
					_push(1);
					_push(0x80000000);
					_push(_a4);
					 *_t33 = 0;
					 *_t22 = 0;
					 *_t38 =  *_t38 | 0xffffffff; // executed
					E00469349(); // executed
					 *_t38 = _t22;
					if(_t22 != 0xffffffff) {
						_t24 = GetFileSize(_t22,  &_v16);
						_a4 = _t24;
						if(_t24 == 0xffffffff) {
							goto L5;
						}
						if(_v16 == 0) {
							_t31 = CreateFileMappingA( *_t38, 0, 2, 0, 0, 0); // executed
							_v12 = _t31;
							if(_t31 == 0) {
								goto L5;
							}
							_t32 = MapViewOfFile(_t31, 4, 0, 0, _a4); // executed
							if(_t32 == 0) {
								goto L5;
							}
							 *_a8 = _a4;
							 *_t33 = _t32;
							L14:
							if(_v8 == 0) {
								L17:
								if(_v12 != 0) {
									FindCloseChangeNotification(_v12); // executed
								}
								return _v8;
							}
							L15:
							_t28 =  *_t38;
							if(_t28 != 0xffffffff) {
								CloseHandle(_t28);
								 *_t38 =  *_t38 | 0xffffffff;
							}
							goto L17;
						}
						_v8 = 0x80004005;
						goto L15;
					}
					L5:
					_t25 = GetLastError();
					if(_t25 > 0) {
						_t25 = _t25 & 0x0000ffff | 0x80070000;
					}
					_v8 = _t25;
					goto L14;
				}
			}














                                    0x0046908f
                                    0x00469097
                                    0x0046909a
                                    0x0046909d
                                    0x004690a2
                                    0x00469181
                                    0x00000000
                                    0x00469181
                                    0x004690a8
                                    0x004690ad
                                    0x00000000
                                    0x004690bc
                                    0x004690bc
                                    0x004690c1
                                    0x00000000
                                    0x00000000
                                    0x004690c7
                                    0x004690c8
                                    0x004690cd
                                    0x004690cf
                                    0x004690d0
                                    0x004690d2
                                    0x004690d7
                                    0x004690da
                                    0x004690dc
                                    0x004690de
                                    0x004690e1
                                    0x004690e6
                                    0x004690eb
                                    0x0046910b
                                    0x00469111
                                    0x00469117
                                    0x00000000
                                    0x00000000
                                    0x0046911c
                                    0x0046912f
                                    0x00469135
                                    0x0046913a
                                    0x00000000
                                    0x00000000
                                    0x00469144
                                    0x0046914c
                                    0x00000000
                                    0x00000000
                                    0x00469154
                                    0x00469156
                                    0x00469158
                                    0x0046915b
                                    0x0046916e
                                    0x00469171
                                    0x00469176
                                    0x00469176
                                    0x00000000
                                    0x0046917c
                                    0x0046915d
                                    0x0046915d
                                    0x00469162
                                    0x00469165
                                    0x0046916b
                                    0x0046916b
                                    0x00000000
                                    0x00469162
                                    0x0046911e
                                    0x00000000
                                    0x0046911e
                                    0x004690ed
                                    0x004690ed
                                    0x004690f5
                                    0x004690fc
                                    0x004690fc
                                    0x00469101
                                    0x00000000
                                    0x00469101

                                    APIs
                                    • GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 004690ED
                                    • GetFileSize.KERNEL32(00000000,?,000000FF,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?,?,000000FF), ref: 0046910B
                                    • CreateFileMappingA.KERNEL32 ref: 0046912F
                                    • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,000000FF,?,00000000,?,?,000000FF), ref: 00469144
                                    • CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 00469165
                                    • FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 00469176
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: File$Close$ChangeCreateErrorFindHandleLastMappingNotificationSizeView
                                    • String ID:
                                    • API String ID: 2370202277-0
                                    • Opcode ID: 2e7b2d54c9ca6fe817b126e475caff9ae2d9d310f7c3cc738a205839e450e217
                                    • Instruction ID: a30fd0fa43ea7656cb3b4cab6889d953fdc5b10032c168b339a4064f05169b58
                                    • Opcode Fuzzy Hash: 2e7b2d54c9ca6fe817b126e475caff9ae2d9d310f7c3cc738a205839e450e217
                                    • Instruction Fuzzy Hash: BB318171900205FBDB218F59CC48DDEBBB9EBC6760F34861AF561D62A0E3B54D80DB16
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0046255F, Relevance: 7.6, APIs: 5, Instructions: 56encryptionfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 327 46255f-462579 call 469087 329 46257e-462580 327->329 330 462586-46259a CertOpenStore 329->330 331 462582-462584 329->331 333 4625c0-4625c3 330->333 334 46259c-4625b4 CertAddEncodedCertificateToStore 330->334 332 4625e1-4625e2 331->332 336 4625c5-4625c8 UnmapViewOfFile 333->336 337 4625ce-4625d2 333->337 334->333 335 4625b6-4625be CertCloseStore 334->335 335->333 336->337 338 4625d4-4625d7 CloseHandle 337->338 339 4625dd-4625e0 337->339 338->339 339->332
                                    C-Code - Quality: 37%
                                    			E0046255F(void* __ecx, void* _a4) {
				signed int _v8;
				char _v12;
				void* _t16;
				void* _t22;
				void* _t23;
				void* _t25;

				_v8 = _v8 | 0xffffffff;
				_t16 = E00469087(_a4,  &_v12,  &_a4,  &_v8); // executed
				if(_t16 == 0) {
					__imp__CertOpenStore(2, 0, 0, 0, 0, _t22, _t25);
					_t23 = _t16;
					if(_t23 != 0) {
						__imp__CertAddEncodedCertificateToStore(_t23,  *0x46a06c, _a4, _v12, 4, 0);
						if(_t16 == 0) {
							__imp__CertCloseStore(_t23, 0);
							_t23 = 0;
						}
					}
					if(_a4 != 0) {
						UnmapViewOfFile(_a4);
					}
					if(_v8 != 0xffffffff) {
						CloseHandle(_v8);
					}
					return _t23;
				}
				return 0;
			}









                                    0x00462566
                                    0x00462579
                                    0x00462580
                                    0x00462590
                                    0x00462596
                                    0x0046259a
                                    0x004625ac
                                    0x004625b4
                                    0x004625b8
                                    0x004625be
                                    0x004625be
                                    0x004625b4
                                    0x004625c3
                                    0x004625c8
                                    0x004625c8
                                    0x004625d2
                                    0x004625d7
                                    0x004625d7
                                    0x00000000
                                    0x004625e0
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00469087: GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 004690ED
                                      • Part of subcall function 00469087: CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 00469165
                                      • Part of subcall function 00469087: FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 00469176
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 00462590
                                    • CertAddEncodedCertificateToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 004625AC
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 004625B8
                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,000000FF), ref: 004625C8
                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,000000FF), ref: 004625D7
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Close$CertStore$Handle$CertificateChangeEncodedErrorFileFindLastNotificationOpenUnmapView
                                    • String ID:
                                    • API String ID: 780097858-0
                                    • Opcode ID: 1110ebf79c8562f344b5359d42ee9403b0147990476a9a9cf24e8631408a04ad
                                    • Instruction ID: 11920e8821be7349fd54b6d4a5b057f2a96b782e8b27cf0a1bcdde046d8560ca
                                    • Opcode Fuzzy Hash: 1110ebf79c8562f344b5359d42ee9403b0147990476a9a9cf24e8631408a04ad
                                    • Instruction Fuzzy Hash: 5A016176201114BBCF214F62DD08DDF7E6DEF467A0B144126F506E1060F7B48A41DABA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004624D4, Relevance: 7.6, APIs: 5, Instructions: 56encryptionfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 314 4624d4-4624f5 call 469087 317 4624f7-4624f9 314->317 318 4624fb-46250f CertOpenStore 314->318 319 462556-462557 317->319 320 462535-462538 318->320 321 462511-462529 CertAddEncodedCRLToStore 318->321 323 462543-462547 320->323 324 46253a-46253d UnmapViewOfFile 320->324 321->320 322 46252b-462533 CertCloseStore 321->322 322->320 325 462552-462555 323->325 326 462549-46254c CloseHandle 323->326 324->323 325->319 326->325
                                    C-Code - Quality: 37%
                                    			E004624D4(void* __ecx, void* _a4) {
				signed int _v8;
				char _v12;
				void* _t16;
				void* _t22;
				void* _t23;
				void* _t25;

				_v8 = _v8 | 0xffffffff;
				_t16 = E00469087(_a4,  &_v12,  &_a4,  &_v8); // executed
				if(_t16 == 0) {
					__imp__CertOpenStore(2, 0, 0, 0, 0, _t22, _t25);
					_t23 = _t16;
					if(_t23 != 0) {
						__imp__CertAddEncodedCRLToStore(_t23,  *0x46a064, _a4, _v12, 4, 0); // executed
						if(_t16 == 0) {
							__imp__CertCloseStore(_t23, 0);
							_t23 = 0;
						}
					}
					if(_a4 != 0) {
						UnmapViewOfFile(_a4);
					}
					if(_v8 != 0xffffffff) {
						CloseHandle(_v8);
					}
					return _t23;
				}
				return 0;
			}









                                    0x004624db
                                    0x004624ee
                                    0x004624f5
                                    0x00462505
                                    0x0046250b
                                    0x0046250f
                                    0x00462521
                                    0x00462529
                                    0x0046252d
                                    0x00462533
                                    0x00462533
                                    0x00462529
                                    0x00462538
                                    0x0046253d
                                    0x0046253d
                                    0x00462547
                                    0x0046254c
                                    0x0046254c
                                    0x00000000
                                    0x00462555
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00469087: GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 004690ED
                                      • Part of subcall function 00469087: CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 00469165
                                      • Part of subcall function 00469087: FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 00469176
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 00462505
                                    • CertAddEncodedCRLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00462521
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 0046252D
                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,000000FF), ref: 0046253D
                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,000000FF), ref: 0046254C
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Close$CertStore$Handle$ChangeEncodedErrorFileFindLastNotificationOpenUnmapView
                                    • String ID:
                                    • API String ID: 3658566462-0
                                    • Opcode ID: 1cb6aa645ba98ea8df83a292b243f93acfdaa2a780592e489178266ec0b9c053
                                    • Instruction ID: 155e199c9a3f7e2ccaa9237c55436edba5714a53b2d0d96504db71015574a169
                                    • Opcode Fuzzy Hash: 1cb6aa645ba98ea8df83a292b243f93acfdaa2a780592e489178266ec0b9c053
                                    • Instruction Fuzzy Hash: B2016535201214BBCB214F56DD0CDDF7E2DEF8A7A0B144126F60AE1060F7748A41D6A6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004625EA, Relevance: 7.6, APIs: 5, Instructions: 56encryptionfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 340 4625ea-46260b call 469087 343 462611-462625 CertOpenStore 340->343 344 46260d-46260f 340->344 346 462627-46263f CertAddEncodedCTLToStore 343->346 347 46264b-46264e 343->347 345 46266c-46266d 344->345 346->347 348 462641-462649 CertCloseStore 346->348 349 462650-462653 UnmapViewOfFile 347->349 350 462659-46265d 347->350 348->347 349->350 351 46265f-462662 CloseHandle 350->351 352 462668-46266b 350->352 351->352 352->345
                                    C-Code - Quality: 37%
                                    			E004625EA(void* __ecx, void* _a4) {
				signed int _v8;
				char _v12;
				void* _t16;
				void* _t22;
				void* _t23;
				void* _t25;

				_v8 = _v8 | 0xffffffff;
				_t16 = E00469087(_a4,  &_v12,  &_a4,  &_v8); // executed
				if(_t16 == 0) {
					__imp__CertOpenStore(2, 0, 0, 0, 0, _t22, _t25);
					_t23 = _t16;
					if(_t23 != 0) {
						__imp__CertAddEncodedCTLToStore(_t23,  *0x46a06c, _a4, _v12, 4, 0);
						if(_t16 == 0) {
							__imp__CertCloseStore(_t23, 0);
							_t23 = 0;
						}
					}
					if(_a4 != 0) {
						UnmapViewOfFile(_a4);
					}
					if(_v8 != 0xffffffff) {
						CloseHandle(_v8);
					}
					return _t23;
				}
				return 0;
			}









                                    0x004625f1
                                    0x00462604
                                    0x0046260b
                                    0x0046261b
                                    0x00462621
                                    0x00462625
                                    0x00462637
                                    0x0046263f
                                    0x00462643
                                    0x00462649
                                    0x00462649
                                    0x0046263f
                                    0x0046264e
                                    0x00462653
                                    0x00462653
                                    0x0046265d
                                    0x00462662
                                    0x00462662
                                    0x00000000
                                    0x0046266b
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00469087: GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 004690ED
                                      • Part of subcall function 00469087: CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 00469165
                                      • Part of subcall function 00469087: FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 00469176
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 0046261B
                                    • CertAddEncodedCTLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00462637
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00462643
                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,000000FF), ref: 00462653
                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,000000FF), ref: 00462662
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Close$CertStore$Handle$ChangeEncodedErrorFileFindLastNotificationOpenUnmapView
                                    • String ID:
                                    • API String ID: 3658566462-0
                                    • Opcode ID: 6cba96c85b3dd342dab40e1c5eb575e4b2a529b6d7bf7ba827d1bd325ed826e6
                                    • Instruction ID: e0a7e8b64252e8234f7ffdd6f0a73393cfb46f0bd54e47c287e960b375de07eb
                                    • Opcode Fuzzy Hash: 6cba96c85b3dd342dab40e1c5eb575e4b2a529b6d7bf7ba827d1bd325ed826e6
                                    • Instruction Fuzzy Hash: 6D016135201614BBCF215B62CD0CDDF7E2DEF467A0F144126F609E1070E7B08A41DBAA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00468F8E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 353 468f8e-468fba LoadStringW vwprintf
                                    C-Code - Quality: 100%
                                    			E00468F8E(struct HINSTANCE__* _a4, int _a8, void _a12) {
				int _t6;

				LoadStringW(_a4, _a8, 0x46acd8,  *0x46a390);
				_t6 = vwprintf(0x46acd8,  &_a12); // executed
				return _t6;
			}




                                    0x00468fa6
                                    0x00468fb1
                                    0x00468fba

                                    APIs
                                    • LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                    • vwprintf.MSVCRT ref: 00468FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadStringvwprintf
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 1051060134-2974366063
                                    • Opcode ID: 7816aef49e34dd12398fb3091db15f9c6fef14fd33ea7285efea06de21cb7483
                                    • Instruction ID: 407f3aac77c8c46e1e1e0b4e2367f9e3dd6fc8e561746d6ea681d0c1e5fd7fa2
                                    • Opcode Fuzzy Hash: 7816aef49e34dd12398fb3091db15f9c6fef14fd33ea7285efea06de21cb7483
                                    • Instruction Fuzzy Hash: 3AD05E320082187B8B116F42EC09CDB3F5DEB462747044026FD1C52220BA729D61DB9A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00464DA0, Relevance: 4.6, APIs: 3, Instructions: 113encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 354 464da0-464db9 355 464dd4-464dda 354->355 356 464dbb-464dcf call 468f8e 354->356 358 464de0-464de6 355->358 359 464e7b-464e81 355->359 364 464ef4-464ef8 356->364 361 464dec-464df3 358->361 362 464e9a-464ead 358->362 359->362 363 464e83-464e98 359->363 365 464df5-464dfc 361->365 366 464dfe-464e21 call 464b58 361->366 367 464eb3-464ebd CertOpenStore 362->367 363->367 365->366 370 464e37-464e48 365->370 366->370 377 464e23-464e2e call 461dc3 366->377 368 464ed3-464ed7 call 461dc3 367->368 369 464ebf-464ed1 call 468f8e 367->369 379 464edc 368->379 382 464ef1 369->382 374 464e4c-464e5d CertSaveStore 370->374 375 464e4a 370->375 380 464e63-464e65 374->380 375->374 377->370 388 464e30-464e35 377->388 379->380 383 464e67 380->383 384 464ede 380->384 382->364 387 464e6c-464e79 call 468f8e 383->387 386 464ee5-464ee7 384->386 386->382 389 464ee9-464eeb CertCloseStore 386->389 387->386 388->387 389->382
                                    APIs
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00464EEB
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertCloseLoadStoreStringvwprintf
                                    • String ID:
                                    • API String ID: 3929983701-0
                                    • Opcode ID: ad36a6f5cadd41de41bb845d2ab8c911c4bbbfe8d32d482b53075088177c8998
                                    • Instruction ID: e1fb5bc6a82fbfaa625496ed13c1e23169583a3ebc8e6758643c90318159db56
                                    • Opcode Fuzzy Hash: ad36a6f5cadd41de41bb845d2ab8c911c4bbbfe8d32d482b53075088177c8998
                                    • Instruction Fuzzy Hash: 2931C972604A04FADF266B52ED05D5B3AB9F7C0B50B14012BF200721B0F6BA58A1DF6F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00468436, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 392 468436-468468 __wgetmainargs
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: __wgetmainargs
                                    • String ID:
                                    • API String ID: 1709950718-0
                                    • Opcode ID: 9975a20c02b1852282d8c17ac75d379af1dc2a3a031f3165881d6f77c9428917
                                    • Instruction ID: 24cfb74cc1df5430060a96476edb6252218409a66f973878a24773e52ee082ab
                                    • Opcode Fuzzy Hash: 9975a20c02b1852282d8c17ac75d379af1dc2a3a031f3165881d6f77c9428917
                                    • Instruction Fuzzy Hash: A1D092F0642B00BFC706DB54AC02A113A60A60470037B9C26F60872161F2E820789E1F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 004657BD, Relevance: 59.9, APIs: 2, Strings: 32, Instructions: 441COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 429 4657bd-4657cc 430 4657d2-4657e0 429->430 431 465ccc-465ccd 429->431 432 4657e3-4657ea 430->432 433 4657f3-465861 printf call 468f8e printf call 463272 call 468f8e call 468fc0 432->433 434 4657ec 432->434 443 465873-465882 call 4632a1 433->443 444 465863-46586e call 4628a5 433->444 434->433 448 465cb7-465cc3 443->448 449 465888-465894 443->449 444->443 448->432 452 465cc9-465ccb 448->452 450 465896-4658a4 call 464881 449->450 451 4658a9-4658ba 449->451 450->448 454 4658cf-4658dd 451->454 455 4658bc-4658ca call 4654fa 451->455 452->431 458 4658f2-465900 454->458 459 4658df-4658ed call 46530c 454->459 455->448 460 465902-465915 call 463228 458->460 461 46591a-465928 458->461 459->448 460->448 465 46593d-46594b 461->465 466 46592a-465938 call 4646f7 461->466 470 46595d-46596b 465->470 471 46594d-46595b 465->471 466->448 474 46597d-46598b 470->474 475 46596d-46597b 470->475 473 4659db-4659e0 call 4655e2 471->473 473->448 477 46599d-4659ab 474->477 478 46598d-46599b 474->478 475->473 480 4659bd-4659cb 477->480 481 4659ad-4659bb 477->481 478->473 482 4659e5-4659f3 480->482 483 4659cd-4659d6 480->483 481->473 484 4659f5-465a03 call 462f08 482->484 485 465a08-465a16 482->485 483->473 484->448 487 465a2b-465a39 485->487 488 465a18-465a26 call 4645c9 485->488 491 465a4e-465a5c 487->491 492 465a3b-465a49 call 464571 487->492 488->448 493 465a71-465a7f 491->493 494 465a5e-465a6c call 462d86 491->494 492->448 498 465a81-465a94 call 462c72 493->498 499 465a99-465aa7 493->499 494->448 498->448 503 465abc-465aca 499->503 504 465aa9-465ab7 call 46516d 499->504 507 465adf-465aed 503->507 508 465acc-465ada call 462b61 503->508 504->448 509 465b02-465b10 507->509 510 465aef-465afd call 462bfa 507->510 508->448 514 465b25-465b33 509->514 515 465b12-465b20 call 462a90 509->515 510->448 519 465b35-465b43 call 462a6e 514->519 520 465b48-465b56 514->520 515->448 519->448 523 465b6b-465b79 520->523 524 465b58-465b66 call 4644a1 520->524 525 465b8e-465b9c 523->525 526 465b7b-465b89 call 462ff4 523->526 524->448 530 465bb6-465bc4 525->530 531 465b9e-465bb1 call 463155 525->531 526->448 535 465bc6-465bd4 530->535 536 465bd9-465be7 530->536 531->448 538 465c9a-465c9f call 4630d1 535->538 539 465bfc-465c0a 536->539 540 465be9-465bf7 536->540 538->448 542 465c1c-465c2a 539->542 543 465c0c-465c1a 539->543 540->538 545 465c3c-465c4a 542->545 546 465c2c-465c3a 542->546 543->538 547 465c5c-465c6a 545->547 548 465c4c-465c5a 545->548 546->538 549 465c7c-465c8a 547->549 550 465c6c-465c7a 547->550 548->538 551 465ca1-465ca5 549->551 552 465c8c-465c95 549->552 550->538 551->448 553 465ca7-465cb2 call 4628a5 551->553 552->538 553->448
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf
                                    • String ID: $1.2.840.113549.1.9.15$1.3.6.1.4.1.311.10.2$1.3.6.1.4.1.311.2.1.10$1.3.6.1.4.1.311.2.1.26$1.3.6.1.4.1.311.2.1.27$2.16.840.1.113730.1.1$2.16.840.1.113730.1.12$2.16.840.1.113730.1.13$2.16.840.1.113730.1.2$2.16.840.1.113730.1.3$2.16.840.1.113730.1.4$2.16.840.1.113730.1.7$2.16.840.1.113730.1.8$2.5.29.1$2.5.29.10$2.5.29.14$2.5.29.15$2.5.29.17$2.5.29.18$2.5.29.19$2.5.29.2$2.5.29.21$2.5.29.31$2.5.29.32$2.5.29.35$2.5.29.37$2.5.29.4$2.5.29.7$2.5.29.8$2.5.4.3$<NULL>
                                    • API String ID: 3524737521-359703846
                                    • Opcode ID: c53d6fccb1420c6b0994dcaade7b7f247e1c7b2af8f3b90a3d62217c9921661b
                                    • Instruction ID: 9845df8d84ada1f10c7fcd9fd1861909b27ad06a6c6bd3b355c068a76957d342
                                    • Opcode Fuzzy Hash: c53d6fccb1420c6b0994dcaade7b7f247e1c7b2af8f3b90a3d62217c9921661b
                                    • Instruction Fuzzy Hash: 1BE1C337604608BBEF159E91CD419667B23EB44320F1CC197FA041E1A6F77A8C62BB5B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00465CD6, Relevance: 35.5, APIs: 15, Strings: 5, Instructions: 493encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 37%
                                    			E00465CD6(void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
				signed int _v8;
				char _v28;
				char* _v32;
				void* _v36;
				long* _v40;
				char _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t123;
				void* _t159;
				char* _t171;
				int _t174;
				void* _t179;
				intOrPtr _t188;
				intOrPtr* _t256;
				char* _t257;
				intOrPtr* _t258;
				void* _t261;
				void* _t263;
				void* _t304;
				void* _t305;
				intOrPtr* _t306;
				signed int _t308;
				char* _t309;
				signed int _t311;
				void* _t312;
				void* _t314;
				void* _t315;
				void* _t316;
				void* _t317;

				_t304 = __edx;
				_t123 =  *0x46a078; // 0x4cbb1deb
				_v8 = _t123 ^ _t311;
				_v40 = _v40 & 0x00000000;
				_t310 = _a4;
				_t256 = 0x14;
				_push(0x1b5c);
				_push( *0x46a7f8);
				_v36 = _t256;
				E00468F8E();
				_pop(_t261);
				E00464254(_t261, _t305,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x34)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x30)), _a8);
				_push(0x1b5d);
				_push( *0x46a7f8);
				E00468F8E();
				_pop(_t263);
				E00464254(_t263, _t305,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x1c)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x18)), _a8);
				E00468F8E();
				E004683AA( *((intOrPtr*)(_t310 + 0xc)) + 4);
				printf("\n");
				_t306 = __imp__CertGetCertificateContextProperty;
				 *_t306(_t310, 3,  &_v28,  &_v36,  *0x46a7f8, 0x1b5e);
				E0046297C("SHA1",  &_v28, _v36);
				_v36 = _t256;
				 *_t306(_t310, 4,  &_v28,  &_v36);
				E0046297C("MD5",  &_v28, _v36);
				CryptAcquireContextA( &_v40, 0, 0, 1, 0);
				if(_v40 != 0) {
					_v36 = _t256;
					__imp__CryptHashPublicKeyInfo(0x8003, 0,  *0x46a064,  *((intOrPtr*)(_t310 + 0xc)) + 0x38,  &_v28,  &_v36);
					E00468F8E( *0x46a7f8, 0x1b5f, _v40);
					E0046297C("MD5",  &_v28, _v36);
					CryptReleaseContext(_v40, 0);
				}
				_v32 = _v32 & 0x00000000;
				 *_t306(_t310, 2, 0,  &_v32);
				if(_v32 == 0) {
					L17:
					E00468F8E( *0x46a7f8, 0x1b66, E00463E22(_t304, _t306,  *((intOrPtr*)(_t310 + 0xc)) + 0x20));
					_t159 = E00468F8E( *0x46a7f8, 0x1b67, E00463E22(_t304, _t306,  *((intOrPtr*)(_t310 + 0xc)) + 0x28));
					_t314 = _t312 + 0x18;
					_t308 = _a8 & 0x00010000;
					if(_t308 != 0) {
						E00463FFA(_t159, _t310, _a8);
					}
					if(_t308 == 0) {
						L54:
						return E004686C7(1, _t256, _v8 ^ _t311, _t304, _t308, _t310);
					} else {
						E00468F8E( *0x46a7f8, 0x1b68,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)))));
						_t309 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0xc));
						_t315 = _t314 + 0xc;
						if(_t309 == 0) {
							_t309 = "<NULL>";
						}
						_push(0x1b69);
						_push( *0x46a7f8);
						_push(E00463272(E00468F8E(), _t309, 4));
						_push(_t309);
						_t257 = "%s (%S)\n";
						printf(_t257);
						_t316 = _t315 + 0xc;
						_t308 = L"    ";
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x10)) != 0) {
							_push(0x1b6a);
							_push( *0x46a7f8);
							E00468F8E();
							E004628A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x14)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x10)));
						}
						_t171 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x38));
						_v32 = _t171;
						if(_t171 == 0) {
							_v32 = "<NULL>";
						}
						_push(0x1b6b);
						_push( *0x46a7f8);
						_push(E00463272(E00468F8E(), _v32, 3));
						_push(_v32);
						_t174 = printf(_t257);
						_t317 = _t316 + 0xc;
						_v32 = E004681A9(_t174, _v32, 3);
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x3c)) != 0) {
							_push(0x1b6c);
							_push( *0x46a7f8);
							E00468F8E();
							E004628A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x40)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x3c)));
							if(_v32 == 0x2200) {
								_t259 = E004682C8( &_v44, 0x27,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x40)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x3c)),  &_v44);
								if(_t219 != 0) {
									E00468F8E( *0x46a7f8, 0x1b6d,  *_t259);
									E00468F8E( *0x46a7f8, 0x1b6e,  *_t259 << 3);
									_t317 = _t317 + 0x18;
									E004628A5(_t308, _t259[1],  *_t259);
									_push(0x1b6f);
									E00468F8E();
									E004628A5(_t308, _t259[3], _t259[2]);
									E00468F8E( *0x46a7f8, 0x1b70,  *0x46a7f8);
									E00468F35(E004628A5(_t308, _t259[5], _t259[4]), _t259);
								}
							}
						}
						E00468F8E();
						_t179 =  *((intOrPtr*)(_t310 + 0xc)) + 0x38;
						__imp__CertGetPublicKeyLength( *0x46a064, _t179,  *0x46a7f8, 0x1b71);
						if(_t179 != 0) {
							E00468F8E( *0x46a7f8, 0x1b72, _t179);
							_t317 = _t317 + 0xc;
						}
						_t181 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x4c));
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x4c)) != 0) {
							E00468F8E( *0x46a7f8, 0x1b73, _t181);
							_t317 = _t317 + 0xc;
						}
						printf("\n");
						_t183 =  *((intOrPtr*)(_t310 + 0xc));
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x44)) == 0) {
							_push(0x1b76);
							_push( *0x46a7f8);
							E00468F8E();
							goto L44;
						} else {
							E004628A5(_t308,  *((intOrPtr*)(_t183 + 0x48)),  *((intOrPtr*)(_t183 + 0x44)));
							if(_v32 == 0x2400 || _v32 == 0xa400) {
								_push(0x1b74);
								_push( *0x46a7f8);
								E00468F8E();
								_t258 = E004682C8( &_v32, 0x13,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x44)),  &_v32);
								if(_t258 == 0) {
									goto L44;
								}
								_push(_v32);
								_push(_t258);
								goto L40;
							} else {
								if(_v32 != 0x2200) {
									L44:
									_push(_a8);
									E004640DE( *((intOrPtr*)(_t310 + 4)),  *((intOrPtr*)(_t310 + 8)));
									_t256 = 0;
									if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x50)) != 0) {
										_push(0x1b77);
										_push( *0x46a7f8);
										E00468F8E();
										_t199 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x58));
										if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x58)) != 0) {
											E00468F8E( *0x46a7f8, 0x1b73, _t199);
											_t317 = _t317 + 0xc;
										}
										printf("\n");
										E004628A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x54)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x50)));
									}
									if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x5c)) != _t256) {
										_push(0x1b78);
										_push( *0x46a7f8);
										E00468F8E();
										_t192 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x64));
										if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x64)) != _t256) {
											E00468F8E( *0x46a7f8, 0x1b73, _t192);
										}
										printf("\n");
										E004628A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x60)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x5c)));
									}
									_t188 =  *((intOrPtr*)(_t310 + 0xc));
									if( *((intOrPtr*)(_t188 + 0x68)) != _t256) {
										_t310 = _t188;
										E004657BD( *((intOrPtr*)(_t188 + 0x68)),  *((intOrPtr*)(_t188 + 0x6c)), _a8);
									}
									goto L54;
								}
								_push(0x1b75);
								_push( *0x46a7f8);
								E00468F8E();
								_t258 = E004682C8( &_v44, 0x26,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x44)),  &_v44);
								if(_t258 == 0) {
									goto L44;
								}
								_push( *_t258);
								_push( *((intOrPtr*)(_t258 + 4)));
								L40:
								_push(_t308);
								E00468F35(E004628A5(), _t258);
								goto L44;
							}
						}
					}
				}
				_t256 = E00469241(_v32, 0, 0);
				if(_t256 == 0) {
					goto L17;
				}
				_push( &_v32);
				_push(_t256);
				_push(2);
				_push(_t310);
				if( *_t306() == 0) {
					L16:
					E00468F35(_t235, _t256);
					goto L17;
				}
				E00468F8E( *0x46a7f8, 0x1b60,  *((intOrPtr*)(_t256 + 8)));
				_t238 =  *((intOrPtr*)(_t256 + 4));
				_t312 = _t312 + 0xc;
				if( *((intOrPtr*)(_t256 + 4)) != 0) {
					E00468F8E( *0x46a7f8, 0x1b61, _t238);
					_t312 = _t312 + 0xc;
				}
				_t239 =  *((intOrPtr*)(_t256 + 0xc));
				if( *((intOrPtr*)(_t256 + 0xc)) != 0) {
					E00468F8E( *0x46a7f8, 0x1b62, _t239);
					_t312 = _t312 + 0xc;
				}
				_t240 =  *_t256;
				if( *_t256 != 0) {
					E00468F8E( *0x46a7f8, 0x1b63, _t240);
					_t312 = _t312 + 0xc;
				}
				_t241 =  *((intOrPtr*)(_t256 + 0x10));
				if( *((intOrPtr*)(_t256 + 0x10)) != 0) {
					E00468F8E( *0x46a7f8, 0x1bc2, _t241);
					_t312 = _t312 + 0xc;
				}
				_t242 =  *((intOrPtr*)(_t256 + 0x18));
				if( *((intOrPtr*)(_t256 + 0x18)) != 0) {
					E00468F8E( *0x46a7f8, 0x1b65, _t242);
					_t312 = _t312 + 0xc;
				}
				_t235 = printf("\n");
				goto L16;
			}


































                                    0x00465cd6
                                    0x00465cde
                                    0x00465ce5
                                    0x00465ce8
                                    0x00465cee
                                    0x00465cf4
                                    0x00465cf5
                                    0x00465cfa
                                    0x00465d00
                                    0x00465d03
                                    0x00465d0c
                                    0x00465d16
                                    0x00465d1b
                                    0x00465d20
                                    0x00465d26
                                    0x00465d2f
                                    0x00465d39
                                    0x00465d49
                                    0x00465d57
                                    0x00465d61
                                    0x00465d67
                                    0x00465d79
                                    0x00465d87
                                    0x00465d97
                                    0x00465d9a
                                    0x00465da8
                                    0x00465db8
                                    0x00465dc2
                                    0x00465dd9
                                    0x00465de6
                                    0x00465df7
                                    0x00465e0a
                                    0x00465e14
                                    0x00465e14
                                    0x00465e1a
                                    0x00465e27
                                    0x00465e2e
                                    0x00465f08
                                    0x00465f20
                                    0x00465f40
                                    0x00465f48
                                    0x00465f4b
                                    0x00465f51
                                    0x00465f57
                                    0x00465f57
                                    0x00465f5e
                                    0x004662ee
                                    0x004662ff
                                    0x00465f64
                                    0x00465f74
                                    0x00465f7c
                                    0x00465f7f
                                    0x00465f84
                                    0x00465f86
                                    0x00465f86
                                    0x00465f8b
                                    0x00465f90
                                    0x00465fa5
                                    0x00465fa6
                                    0x00465fa7
                                    0x00465fad
                                    0x00465fb6
                                    0x00465fbd
                                    0x00465fc2
                                    0x00465fc4
                                    0x00465fc9
                                    0x00465fcf
                                    0x00465fe0
                                    0x00465fe0
                                    0x00465fe8
                                    0x00465feb
                                    0x00465ff0
                                    0x00465ff2
                                    0x00465ff2
                                    0x00465ff9
                                    0x00465ffe
                                    0x00466015
                                    0x00466016
                                    0x0046601a
                                    0x00466020
                                    0x0046602d
                                    0x00466037
                                    0x0046603d
                                    0x00466042
                                    0x00466048
                                    0x00466059
                                    0x00466065
                                    0x0046607f
                                    0x00466083
                                    0x00466099
                                    0x004660a9
                                    0x004660ae
                                    0x004660b7
                                    0x004660bc
                                    0x004660c7
                                    0x004660d5
                                    0x004660e5
                                    0x004660f9
                                    0x004660f9
                                    0x00466083
                                    0x00466065
                                    0x00466109
                                    0x00466113
                                    0x0046611d
                                    0x00466125
                                    0x00466133
                                    0x00466138
                                    0x00466138
                                    0x0046613e
                                    0x00466143
                                    0x00466151
                                    0x00466156
                                    0x00466156
                                    0x0046615e
                                    0x00466164
                                    0x0046616c
                                    0x0046620e
                                    0x00466213
                                    0x00466219
                                    0x00000000
                                    0x00466172
                                    0x00466179
                                    0x00466185
                                    0x004661dc
                                    0x004661e1
                                    0x004661e7
                                    0x00466202
                                    0x00466206
                                    0x00000000
                                    0x00000000
                                    0x00466208
                                    0x0046620b
                                    0x00000000
                                    0x00466190
                                    0x00466197
                                    0x00466220
                                    0x00466220
                                    0x00466229
                                    0x00466231
                                    0x00466236
                                    0x00466238
                                    0x0046623d
                                    0x00466243
                                    0x0046624b
                                    0x00466252
                                    0x00466260
                                    0x00466265
                                    0x00466265
                                    0x0046626d
                                    0x0046627e
                                    0x0046627e
                                    0x00466289
                                    0x0046628b
                                    0x00466290
                                    0x00466296
                                    0x0046629e
                                    0x004662a5
                                    0x004662b3
                                    0x004662b8
                                    0x004662c0
                                    0x004662d1
                                    0x004662d1
                                    0x004662d6
                                    0x004662dc
                                    0x004662e1
                                    0x004662e9
                                    0x004662e9
                                    0x00000000
                                    0x004662dc
                                    0x0046619d
                                    0x004661a2
                                    0x004661a8
                                    0x004661c3
                                    0x004661c7
                                    0x00000000
                                    0x00000000
                                    0x004661c9
                                    0x004661cb
                                    0x004661ce
                                    0x004661ce
                                    0x004661d5
                                    0x00000000
                                    0x004661d5
                                    0x00466185
                                    0x0046616c
                                    0x00465f5e
                                    0x00465e3e
                                    0x00465e42
                                    0x00000000
                                    0x00000000
                                    0x00465e4b
                                    0x00465e4c
                                    0x00465e4d
                                    0x00465e4f
                                    0x00465e54
                                    0x00465f02
                                    0x00465f03
                                    0x00000000
                                    0x00465f03
                                    0x00465e68
                                    0x00465e6d
                                    0x00465e70
                                    0x00465e75
                                    0x00465e83
                                    0x00465e88
                                    0x00465e88
                                    0x00465e8b
                                    0x00465e90
                                    0x00465e9e
                                    0x00465ea3
                                    0x00465ea3
                                    0x00465ea6
                                    0x00465eaa
                                    0x00465eb8
                                    0x00465ebd
                                    0x00465ebd
                                    0x00465ec0
                                    0x00465ec5
                                    0x00465ed3
                                    0x00465ed8
                                    0x00465ed8
                                    0x00465edb
                                    0x00465ee0
                                    0x00465eee
                                    0x00465ef3
                                    0x00465ef3
                                    0x00465efb
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                      • Part of subcall function 00464254: printf.MSVCRT ref: 004642F5
                                      • Part of subcall function 00464254: printf.MSVCRT ref: 00464324
                                      • Part of subcall function 00464254: CertRDNValueToStrA.CRYPT32(?,?,00000000,00000000), ref: 00464338
                                      • Part of subcall function 00464254: CertRDNValueToStrA.CRYPT32(?,?,00000000,?), ref: 0046435E
                                      • Part of subcall function 00464254: printf.MSVCRT ref: 00464378
                                      • Part of subcall function 00464254: CertRDNValueToStrW.CRYPT32(?,?,00000000,00000000), ref: 00464396
                                    • printf.MSVCRT ref: 00465D61
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000003,?,?), ref: 00465D79
                                      • Part of subcall function 0046297C: printf.MSVCRT ref: 004629B0
                                      • Part of subcall function 0046297C: printf.MSVCRT ref: 004629F0
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000004,?,?), ref: 00465D9A
                                      • Part of subcall function 0046297C: printf.MSVCRT ref: 004629E3
                                    • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,00000000), ref: 00465DB8
                                    • CryptHashPublicKeyInfo.CRYPT32(00000000,00008003,00000000,?,?,?), ref: 00465DE6
                                      • Part of subcall function 0046297C: printf.MSVCRT ref: 004629D2
                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00465E14
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000002,00000000,00000000), ref: 00465E27
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000002,00000000,00000000), ref: 00465E50
                                    • printf.MSVCRT ref: 00465EFB
                                    • printf.MSVCRT ref: 00465FAD
                                    • CertGetPublicKeyLength.CRYPT32(?,00000003), ref: 0046611D
                                    • printf.MSVCRT ref: 0046615E
                                    • printf.MSVCRT ref: 0046626D
                                    • printf.MSVCRT ref: 004662C0
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 004682FF
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0046832B
                                    • printf.MSVCRT ref: 0046601A
                                      • Part of subcall function 004628A5: wprintf.MSVCRT ref: 004628E2
                                      • Part of subcall function 004628A5: wprintf.MSVCRT ref: 00462907
                                      • Part of subcall function 004628A5: wprintf.MSVCRT ref: 0046291E
                                      • Part of subcall function 004628A5: wprintf.MSVCRT ref: 00462929
                                      • Part of subcall function 004628A5: wprintf.MSVCRT ref: 00462949
                                      • Part of subcall function 004628A5: wprintf.MSVCRT ref: 00462963
                                      • Part of subcall function 00468F35: free.MSVCRT(00000000,?,004692E1,00461A8A,?,00000000,?,?,00461A8A), ref: 00468F43
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$Cert$Contextwprintf$Crypt$CertificateProperty$Value$DecodeObjectPublic$AcquireHashInfoLengthLoadReleaseStringfreevwprintf
                                    • String ID: $%s (%S)$<NULL>$MD5$SHA1
                                    • API String ID: 110794591-2100278587
                                    • Opcode ID: 72095640bdf3d767418bff2b12ff4aef6b98f21d2abbeee485070e5439a82bec
                                    • Instruction ID: 5074139e55ad18e8ef2bb6d4731f1d9f85356cbf5066e5e89d42bf48984e2898
                                    • Opcode Fuzzy Hash: 72095640bdf3d767418bff2b12ff4aef6b98f21d2abbeee485070e5439a82bec
                                    • Instruction Fuzzy Hash: 6EF1A071600605FFEB15AF51DC42EAE77B9FF04314B05402EF610AA1A2FBB9D9609B1B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00461A5B, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190encryptionstringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 17%
                                    			E00461A5B(void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char* _v8;
				char* _v12;
				char* _v16;
				char* _v20;
				char _v24;
				char* _v28;
				char* _v32;
				intOrPtr _v36;
				char _v40;
				char* _t71;
				char* _t80;
				char _t82;
				char* _t84;
				intOrPtr* _t86;
				signed int _t88;
				char* _t89;
				char* _t90;
				char* _t94;
				intOrPtr* _t96;
				signed int* _t97;
				signed int _t98;
				intOrPtr* _t99;

				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				_v16 = 0;
				_v12 = 0;
				_v20 = 0;
				_v8 = 0;
				if(E00469279( *0x46a824,  &_v16) == 0) {
					_t84 = ",";
					if(strtok(_v16, _t84) == 0) {
						L5:
						_push(2);
						_t58 = 0;
						asm("repe cmpsb");
						if(0 != 0) {
							asm("sbb eax, eax");
							asm("sbb eax, 0xffffffff");
						}
						if(_t58 != 0) {
							L27:
							if(_v16 != 0) {
								_t58 = E00468F35(_t58, _v16);
							}
							_t94 = _v20;
							if(_t94 != 0) {
								_t61 =  *((intOrPtr*)(_t94 + 4));
								if( *((intOrPtr*)(_t94 + 4)) != 0) {
									_t61 = E00468F35(_t61, _t61);
								}
								_t58 = E00468F35(_t61, _t94);
							}
							if(_v28 != 0) {
								E00468F35(_t58, _v28);
							}
							if(_v8 != 0) {
								__imp__CertFreeCertificateContext(_v8);
							}
							return _v32;
						} else {
							L20:
							_t86 = __imp__CertEnumCertificatesInStore;
							_t58 =  *_t86(_a4, 0);
							_v8 = _t58;
							if(_t58 == 0) {
								L26:
								_v32 = 1;
								goto L27;
							}
							_t96 = __imp__CertSetCertificateContextProperty;
							while(1) {
								_push(0);
								_push(0);
								_push(9);
								_push(_v8);
								if( *_t96() == 0) {
									goto L27;
								}
								if(_v12 == 0) {
									L25:
									_t58 =  *_t86(_a4, _v8);
									_v8 = _t58;
									if(_t58 != 0) {
										continue;
									}
									goto L26;
								}
								_v40 = _v24;
								_v36 = _v28;
								_push( &_v40);
								_push(0);
								_push(9);
								_push(_v8);
								if( *_t96() == 0) {
									goto L27;
								}
								goto L25;
							}
							goto L27;
						}
					} else {
						goto L3;
					}
					do {
						L3:
						_v12 =  &(_v12[1]);
					} while (strtok(0, _t84) != 0);
					if(_v12 != 0) {
						_t97 = E00469241(8, 0, 0);
						_v20 = _t97;
						if(_t97 == 0) {
							goto L27;
						}
						_t58 = 0;
						asm("stosd");
						asm("stosd");
						_t88 = _v12;
						if(_t88 <= 0x1fffffff) {
							 *_t97 = _t88;
							_t58 = E00469241(_t88 << 2, 0, 0);
							_t97[1] = 0;
							if(0 == 0) {
								goto L27;
							}
							_t80 = _v16;
							_t98 = 0;
							if(_t88 <= 0) {
								L17:
								_t99 = __imp__CryptEncodeObject;
								_push( &_v24);
								_push(0);
								_push(_v20);
								_t89 = "2.5.29.37";
								_push(_t89);
								_push(1);
								if( *_t99() == 0) {
									goto L27;
								}
								_t58 = E00469241(_v24, 0, 0);
								_v28 = _t58;
								if(_t58 == 0) {
									goto L27;
								}
								_push( &_v24);
								_push(_t58);
								_push(_v20);
								_push(_t89);
								_push(1);
								if( *_t99() == 0) {
									goto L27;
								}
								goto L20;
							} else {
								goto L14;
							}
							do {
								L14:
								 *(_v20[1] + _t98 * 4) = _t80;
								_t71 = _t80;
								_t90 =  &(_t71[1]);
								do {
									_t82 =  *_t71;
									_t71 =  &(_t71[1]);
								} while (_t82 != 0);
								_t98 = _t98 + 1;
								_t80 =  &(_t80[_t71 - _t90 + 1]);
							} while (_t98 < _v12);
							goto L17;
						}
						SetLastError(0x80070057);
						goto L27;
					}
					goto L5;
				}
				return 0;
			}

























                                    0x00461a70
                                    0x00461a73
                                    0x00461a76
                                    0x00461a79
                                    0x00461a7c
                                    0x00461a7f
                                    0x00461a82
                                    0x00461a8c
                                    0x00461a9d
                                    0x00461aac
                                    0x00461ac0
                                    0x00461ac3
                                    0x00461ac6
                                    0x00461ac8
                                    0x00461aca
                                    0x00461acc
                                    0x00461ace
                                    0x00461ace
                                    0x00461ad3
                                    0x00461bf4
                                    0x00461bf7
                                    0x00461bfc
                                    0x00461bfc
                                    0x00461c01
                                    0x00461c06
                                    0x00461c08
                                    0x00461c0d
                                    0x00461c10
                                    0x00461c10
                                    0x00461c16
                                    0x00461c16
                                    0x00461c20
                                    0x00461c25
                                    0x00461c25
                                    0x00461c2d
                                    0x00461c32
                                    0x00461c32
                                    0x00000000
                                    0x00461ad9
                                    0x00461b97
                                    0x00461b97
                                    0x00461ba1
                                    0x00461ba3
                                    0x00461ba8
                                    0x00461bed
                                    0x00461bed
                                    0x00000000
                                    0x00461bed
                                    0x00461baa
                                    0x00461bb0
                                    0x00461bb0
                                    0x00461bb1
                                    0x00461bb2
                                    0x00461bb4
                                    0x00461bbb
                                    0x00000000
                                    0x00000000
                                    0x00461bc0
                                    0x00461bde
                                    0x00461be4
                                    0x00461be6
                                    0x00461beb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00461beb
                                    0x00461bc5
                                    0x00461bcb
                                    0x00461bd1
                                    0x00461bd2
                                    0x00461bd3
                                    0x00461bd5
                                    0x00461bdc
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00461bdc
                                    0x00000000
                                    0x00461bb0
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00461aae
                                    0x00461aae
                                    0x00461aae
                                    0x00461ab7
                                    0x00461abe
                                    0x00461ae7
                                    0x00461ae9
                                    0x00461aee
                                    0x00000000
                                    0x00000000
                                    0x00461af4
                                    0x00461af8
                                    0x00461af9
                                    0x00461afa
                                    0x00461b03
                                    0x00461b1d
                                    0x00461b1f
                                    0x00461b24
                                    0x00461b29
                                    0x00000000
                                    0x00000000
                                    0x00461b2f
                                    0x00461b32
                                    0x00461b36
                                    0x00461b59
                                    0x00461b59
                                    0x00461b62
                                    0x00461b63
                                    0x00461b64
                                    0x00461b67
                                    0x00461b6c
                                    0x00461b6d
                                    0x00461b73
                                    0x00000000
                                    0x00000000
                                    0x00461b7a
                                    0x00461b7f
                                    0x00461b84
                                    0x00000000
                                    0x00000000
                                    0x00461b89
                                    0x00461b8a
                                    0x00461b8b
                                    0x00461b8e
                                    0x00461b8f
                                    0x00461b95
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00461b38
                                    0x00461b38
                                    0x00461b3e
                                    0x00461b41
                                    0x00461b43
                                    0x00461b46
                                    0x00461b46
                                    0x00461b48
                                    0x00461b49
                                    0x00461b4f
                                    0x00461b50
                                    0x00461b54
                                    0x00000000
                                    0x00461b38
                                    0x00461b0a
                                    0x00000000
                                    0x00461b0a
                                    0x00000000
                                    0x00461abe
                                    0x00000000

                                    APIs
                                    • strtok.MSVCRT ref: 00461AA6
                                    • strtok.MSVCRT ref: 00461AB3
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00461BA1
                                    • CertSetCertificateContextProperty.CRYPT32(?,00000009,00000000,00000000), ref: 00461BB7
                                    • CertSetCertificateContextProperty.CRYPT32(?,00000009,00000000,?), ref: 00461BD8
                                    • CertEnumCertificatesInStore.CRYPT32(?,?), ref: 00461BE4
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00461C32
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$CertificateContext$CertificatesEnumPropertyStorestrtok$Free
                                    • String ID: 2.5.29.37
                                    • API String ID: 2615395459-3842544949
                                    • Opcode ID: 422784d4adf36ff9247a3d670db0dd1b7c0866e00a04c0b560ff5fc40536ea4f
                                    • Instruction ID: 0fd8720e34a2c8198f9a2ce2ff82f56102dc35fba6f97f5de3513ac826dd1132
                                    • Opcode Fuzzy Hash: 422784d4adf36ff9247a3d670db0dd1b7c0866e00a04c0b560ff5fc40536ea4f
                                    • Instruction Fuzzy Hash: 44518072D0010AAFCF109FE5CD819AFBBB9EB44704F18446BE511B3260F7399D419BAA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0046644E, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 205encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 32%
                                    			E0046644E(void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				char* _v24;
				void* __ebx;
				void* __esi;
				char* _t50;
				char* _t58;
				void* _t82;
				int _t84;
				void* _t96;
				void* _t97;
				void* _t110;
				char* _t111;
				char* _t112;
				char* _t113;
				void* _t116;
				intOrPtr* _t117;
				intOrPtr* _t118;
				void* _t119;
				void* _t120;
				void* _t121;

				_t110 = __edx;
				_t111 = 0;
				_v24 = 0;
				_v16 = 0;
				_v8 = 0;
				if(_a4 != 0) {
					_t50 =  &_v16;
					_v12 = 4;
					__imp__CryptMsgGetParam(_a4, 5, 0, _t50,  &_v12);
					__eflags = _t50;
					if(_t50 != 0) {
						__eflags = _v16;
						if(_v16 != 0) {
							_v8 = 0;
							__eflags = _v16;
							if(_v16 <= 0) {
								L24:
								_v24 = 1;
								L25:
								return _v24;
							}
							_t96 = printf;
							while(1) {
								E00468F8E( *0x46a7f8, 0x1b8b, _v8 + 1);
								_t120 = _t119 + 0xc;
								_t116 = E004681D0(_t97, _a4, 6, _v8,  &_v12);
								__eflags = _t116 - _t111;
								if(_t116 != _t111) {
									_t112 =  *((intOrPtr*)(_t116 + 0x14));
									__eflags = _t112;
									if(_t112 == 0) {
										_t112 = "<NULL>";
									}
									_push(0x1c15);
									_push( *0x46a7f8);
									_push(E00463272(E00468F8E(), _t112, 1));
									_push(_t112);
									printf("%s (%S)\n");
									_t121 = _t120 + 0xc;
									__eflags =  *((intOrPtr*)(_t116 + 0x18));
									if( *((intOrPtr*)(_t116 + 0x18)) != 0) {
										_push(0x1c16);
										_push( *0x46a7f8);
										E00468F8E();
										E004628A5(L"    ",  *((intOrPtr*)(_t116 + 0x1c)),  *((intOrPtr*)(_t116 + 0x18)));
									}
									_t113 =  *((intOrPtr*)(_t116 + 0x20));
									__eflags = _t113;
									if(_t113 == 0) {
										_t113 = "<NULL>";
									}
									_push(0x1c17);
									_push( *0x46a7f8);
									_t82 = E00468F8E();
									_pop(_t97);
									_push(E00463272(_t82, _t113, 4));
									_push(_t113);
									_t84 = printf("%s (%S)\n");
									_t120 = _t121 + 0xc;
									__eflags =  *((intOrPtr*)(_t116 + 0x24));
									if( *((intOrPtr*)(_t116 + 0x24)) != 0) {
										_push(0x1c18);
										_push( *0x46a7f8);
										E00468F8E();
										_pop(_t97);
										_t84 = E004628A5(L"    ",  *((intOrPtr*)(_t116 + 0x28)),  *((intOrPtr*)(_t116 + 0x24)));
									}
									E00468F35(_t84, _t116);
									_t111 = 0;
									__eflags = 0;
								}
								_t58 =  &_v20;
								__imp__CryptMsgGetAndVerifySigner(_a4, _t111, _t111, 4, _t58,  &_v8);
								__eflags = _t58;
								if(__eflags == 0) {
									break;
								}
								E00468F8E( *0x46a7f8, 0x1c19, _v8 + 1);
								_t119 = _t120 + 0xc;
								E00465CD6(_t110, __eflags, _v20, _a8);
								__imp__CertFreeCertificateContext(_v20);
								_t117 = E004681D0(_t97, _a4, 9, _v8,  &_v12);
								__eflags = _t117 - _t111;
								if(_t117 != _t111) {
									_t75 = _v8 + 1;
									__eflags = _v8 + 1;
									E00468F8E( *0x46a7f8, 0x1b8c, _t75);
									_t119 = _t119 + 0xc;
									E00468F35(E0046560E(_t96, _t110, _t117,  *_t117,  *((intOrPtr*)(_t117 + 4)), _a8), _t117);
								}
								_t118 = E004681D0(_t97, _a4, 0xa, _v8,  &_v12);
								__eflags = _t118 - _t111;
								if(_t118 != _t111) {
									_t70 = _v8 + 1;
									__eflags = _v8 + 1;
									E00468F8E( *0x46a7f8, 0x1b8d, _t70);
									_t119 = _t119 + 0xc;
									E00468F35(E0046560E(_t96, _t110, _t118,  *_t118,  *((intOrPtr*)(_t118 + 4)), _a8), _t118);
								}
								_v8 = _v8 + 1;
								__eflags = _v8 - _v16;
								if(_v8 < _v16) {
									continue;
								} else {
									goto L24;
								}
							}
							_push(0x17d3);
							_push( *0x46a7f8);
							E00468F8E();
							goto L25;
						}
						_push(0x1b8a);
						_push( *0x46a7f8);
						E00468F8E();
						return 1;
					}
					_push(0x17d2);
					_push( *0x46a7f8);
					E00468F8E();
				}
				return 0;
			}


























                                    0x0046644e
                                    0x00466457
                                    0x00466459
                                    0x0046645c
                                    0x0046645f
                                    0x00466465
                                    0x00466472
                                    0x0046647c
                                    0x00466483
                                    0x00466489
                                    0x0046648b
                                    0x004664a1
                                    0x004664a4
                                    0x004664c2
                                    0x004664c5
                                    0x004664c8
                                    0x0046669f
                                    0x0046669f
                                    0x004666a6
                                    0x00000000
                                    0x004666aa
                                    0x004664ce
                                    0x004664d4
                                    0x004664e4
                                    0x004664e9
                                    0x004664fd
                                    0x004664ff
                                    0x00466501
                                    0x00466507
                                    0x0046650a
                                    0x0046650c
                                    0x0046650e
                                    0x0046650e
                                    0x00466513
                                    0x00466518
                                    0x0046652d
                                    0x0046652e
                                    0x00466534
                                    0x00466536
                                    0x00466539
                                    0x0046653d
                                    0x0046653f
                                    0x00466544
                                    0x0046654a
                                    0x0046655c
                                    0x0046655c
                                    0x00466561
                                    0x00466564
                                    0x00466566
                                    0x00466568
                                    0x00466568
                                    0x0046656d
                                    0x00466572
                                    0x00466578
                                    0x0046657e
                                    0x00466587
                                    0x00466588
                                    0x0046658e
                                    0x00466590
                                    0x00466593
                                    0x00466597
                                    0x00466599
                                    0x0046659e
                                    0x004665a4
                                    0x004665aa
                                    0x004665b6
                                    0x004665b6
                                    0x004665bc
                                    0x004665c1
                                    0x004665c1
                                    0x004665c1
                                    0x004665c7
                                    0x004665d2
                                    0x004665d8
                                    0x004665da
                                    0x00000000
                                    0x00000000
                                    0x004665f0
                                    0x004665f5
                                    0x004665fe
                                    0x00466606
                                    0x0046661d
                                    0x0046661f
                                    0x00466621
                                    0x00466626
                                    0x00466626
                                    0x00466633
                                    0x00466638
                                    0x00466649
                                    0x00466649
                                    0x0046665f
                                    0x00466661
                                    0x00466663
                                    0x00466668
                                    0x00466668
                                    0x00466675
                                    0x0046667a
                                    0x0046668b
                                    0x0046668b
                                    0x00466690
                                    0x00466696
                                    0x00466699
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00466699
                                    0x004666b0
                                    0x004666b5
                                    0x004666bb
                                    0x00000000
                                    0x004666c1
                                    0x004664a6
                                    0x004664ab
                                    0x004664b1
                                    0x00000000
                                    0x004664ba
                                    0x0046648d
                                    0x00466492
                                    0x00466498
                                    0x0046649e
                                    0x00000000

                                    APIs
                                    • CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00466483
                                    • printf.MSVCRT ref: 00466534
                                    • printf.MSVCRT ref: 0046658E
                                    • CryptMsgGetAndVerifySigner.CRYPT32(00000004,00000000,00000000,00000004,?,?), ref: 004665D2
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cryptprintf$LoadParamSignerStringVerifyvwprintf
                                    • String ID: $%s (%S)$<NULL>
                                    • API String ID: 4044473539-2923719891
                                    • Opcode ID: 6c781d090b0bf74ee2f3498f9aa22e1ba170725f6489d8ec32a1d69978f5e951
                                    • Instruction ID: 7d533a5a8972d6ff272e6bb44d70c30d0754bb23969f19a1424f2b5ba0804388
                                    • Opcode Fuzzy Hash: 6c781d090b0bf74ee2f3498f9aa22e1ba170725f6489d8ec32a1d69978f5e951
                                    • Instruction Fuzzy Hash: C961D371900608FEEF11AF51DD02DAE7BBAEB40704F11012FF901A61A1FB799E919B5B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00463C7E, Relevance: 13.6, APIs: 9, Instructions: 144encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptSIPRetrieveSubjectGuid.CRYPT32(?,00000000,?), ref: 00463CAE
                                    • CryptSIPLoad.CRYPT32(?,00000000,?), ref: 00463CD5
                                    • memset.MSVCRT ref: 00463CEE
                                      • Part of subcall function 00469241: malloc.MSVCRT ref: 0046924A
                                    • CertOpenStore.CRYPT32(00000005,00000000,00000000,?), ref: 00463D7E
                                    • CryptMsgOpenToDecode.CRYPT32(00000000,?,00000000,00000000,00000000), ref: 00463DB0
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00463DC1
                                    • CryptMsgUpdate.CRYPT32(00000000,?,?,00000001), ref: 00463DD5
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00463DE1
                                    • CryptMsgClose.CRYPT32 ref: 00463DF0
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Crypt$CertCloseStore$Open$DecodeGuidLoadRetrieveSubjectUpdatemallocmemset
                                    • String ID:
                                    • API String ID: 2179762507-0
                                    • Opcode ID: 4a38cd95a4b698c70ad66325e33e565a7be54ca3c94cd94bc9324e02b88ca4e7
                                    • Instruction ID: 9f74e7cd076201fc923f05a3dbae30c56f6a9d9d66db765ae71de782954aff2f
                                    • Opcode Fuzzy Hash: 4a38cd95a4b698c70ad66325e33e565a7be54ca3c94cd94bc9324e02b88ca4e7
                                    • Instruction Fuzzy Hash: CD510871D01219ABDF119FA1DD45AEFBFBDEB48710F00002AF505F2250EB749A55CBAA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004632A1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptGetOIDFunctionAddress.CRYPT32(?,00000000,?,?), ref: 004632EF
                                    • wprintf.MSVCRT ref: 0046334F
                                    • CryptFreeOIDFunctionAddress.CRYPT32(?,00000000), ref: 0046336E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: AddressCryptFunction$Freewprintf
                                    • String ID: %s
                                    • API String ID: 1836932162-620797490
                                    • Opcode ID: 56cf460b6468cd153b63c5c20cd9d1bc845d6c3d25780f240233ef8d8fa891d0
                                    • Instruction ID: ecad8876a1f35626acc55a6193290bb3218aab3ae9d7db273475d6fce18ba50e
                                    • Opcode Fuzzy Hash: 56cf460b6468cd153b63c5c20cd9d1bc845d6c3d25780f240233ef8d8fa891d0
                                    • Instruction Fuzzy Hash: FD213732900268BFCF118F95DC48DEF7FB9EB45755B14402AF914A1220EB758A90DFAA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00462FF4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(2.5.29.21,?,?,00000000,?,?), ref: 0046301C
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • printf.MSVCRT ref: 00463097
                                    • printf.MSVCRT ref: 004630A0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CryptDecodeLoadObjectStringvwprintf
                                    • String ID: 2.5.29.21
                                    • API String ID: 1886321042-359661889
                                    • Opcode ID: 5f86467e814f108e313bb41f50a686a44e52db9ed9639f3b5d482d2ae24caace
                                    • Instruction ID: 1bc91428184fadd6717a64c0f01d36026f27db17db9c0a87b4b2643c6e1fa198
                                    • Opcode Fuzzy Hash: 5f86467e814f108e313bb41f50a686a44e52db9ed9639f3b5d482d2ae24caace
                                    • Instruction Fuzzy Hash: 8B01C431248244FAE7205F40ED02FD937A4F70572AF24806BF702651E4FBB99B169A5F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004617F3, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetModuleHandleA.KERNEL32(00000000,00467EB0), ref: 004617F5
                                    • CryptInitOIDFunctionSet.CRYPT32(CryptDllFormatObject,00000000), ref: 0046180E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptFunctionHandleInitModule
                                    • String ID: CryptDllFormatObject
                                    • API String ID: 188214945-3973519293
                                    • Opcode ID: 77b1ebaf629bbc1e6484f4a10c928a9fe94fa6e1e7c68040f4bb67c547fda7f1
                                    • Instruction ID: bb0875dafd0b9d3fd2587ae2fc81ef3312be1e66680ff9f1c694550e7af8bf9f
                                    • Opcode Fuzzy Hash: 77b1ebaf629bbc1e6484f4a10c928a9fe94fa6e1e7c68040f4bb67c547fda7f1
                                    • Instruction Fuzzy Hash: 05F05E35288712AAEB112F617C05F823BA5E714717F080037FA06E52B0F6B984909AAF
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004622DB, Relevance: 6.1, APIs: 4, Instructions: 74encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E004622DB(void* __ecx, char* _a4, int _a8, BYTE** _a12, intOrPtr* _a16) {
				int _v8;
				signed int _t24;
				BYTE* _t29;

				 *_a12 = 0;
				 *_a16 = 0;
				_v8 = 0;
				if(CryptStringToBinaryA(_a4, _a8, 7, 0,  &_v8, 0, 0) != 0) {
					if(_v8 != 0) {
						_t29 = E00469241(_v8, 0, 0);
						if(_t29 != 0) {
							if(CryptStringToBinaryA(_a4, _a8, 7, _t29,  &_v8, 0, 0) != 0) {
								 *_a12 = _t29;
								 *_a16 = _v8;
								_t24 = 0;
							} else {
								E00468F35(_t21, _t29);
								_t24 = GetLastError();
								if(_t24 > 0) {
									_t24 = _t24 & 0x0000ffff | 0x80070000;
								}
							}
						} else {
							_t24 = 0x8007000e;
						}
					} else {
						_t24 = 0;
					}
				} else {
					_t24 = GetLastError();
					if(_t24 > 0) {
						_t24 = _t24 & 0x0000ffff | 0x80070000;
					}
				}
				return _t24;
			}






                                    0x004622ef
                                    0x004622f5
                                    0x00462301
                                    0x0046230b
                                    0x00462326
                                    0x00462337
                                    0x0046233b
                                    0x00462357
                                    0x0046237b
                                    0x00462380
                                    0x00462382
                                    0x00462359
                                    0x0046235a
                                    0x0046235f
                                    0x00462367
                                    0x0046236e
                                    0x0046236e
                                    0x00462367
                                    0x0046233d
                                    0x0046233d
                                    0x0046233d
                                    0x00462328
                                    0x00462328
                                    0x00462328
                                    0x0046230d
                                    0x0046230d
                                    0x00462315
                                    0x0046231c
                                    0x0046231c
                                    0x00462315
                                    0x00462388

                                    APIs
                                    • CryptStringToBinaryA.CRYPT32(?,?,00000007,00000000,?,00000000,00000000), ref: 00462307
                                    • GetLastError.KERNEL32 ref: 0046230D
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: BinaryCryptErrorLastString
                                    • String ID:
                                    • API String ID: 1279426848-0
                                    • Opcode ID: 8266933b223bb19f6ae7b9f730fe83ef486c0b86c84420cc2a86dc8ff055c85d
                                    • Instruction ID: e7cd73a3d5d7cd3fab5ef363e0d9fd6d88525cdf02d1418961f21ce75351f892
                                    • Opcode Fuzzy Hash: 8266933b223bb19f6ae7b9f730fe83ef486c0b86c84420cc2a86dc8ff055c85d
                                    • Instruction Fuzzy Hash: 12216F71500119FBCB218F65CE449AF7BACEF49750B100426F905D6250E3BCDD40D6A6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00462390, Relevance: 6.1, APIs: 4, Instructions: 74encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptStringToBinaryW.CRYPT32(?,?,00000007,00000000,?,00000000,00000000), ref: 004623BC
                                    • GetLastError.KERNEL32 ref: 004623C2
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: BinaryCryptErrorLastString
                                    • String ID:
                                    • API String ID: 1279426848-0
                                    • Opcode ID: ace5bbc7b557e2a4f9d99d15b111695bb10d80f6bcacfc807258c525fa57e90f
                                    • Instruction ID: 03a3a147075bc74276b7d3d20d0b11e1a7cd4dfdb98df7eb18494363d47efff6
                                    • Opcode Fuzzy Hash: ace5bbc7b557e2a4f9d99d15b111695bb10d80f6bcacfc807258c525fa57e90f
                                    • Instruction Fuzzy Hash: A8219071540129FBCB218F56DD40EAF3FACEF49794F104426F805D6210E6B9CE40DAA6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004686C7, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 92%
                                    			E004686C7(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr* _t26;
				void* _t29;

				_t29 = __ecx -  *0x46a078; // 0x4cbb1deb
				if(_t29 != 0) {
					 *0x46aab8 = __eax;
					 *0x46aab4 = __ecx;
					 *0x46aab0 = __edx;
					 *0x46aaac = __ebx;
					 *0x46aaa8 = __esi;
					 *0x46aaa4 = __edi;
					 *0x46aad0 = ss;
					 *0x46aac4 = cs;
					 *0x46aaa0 = ds;
					 *0x46aa9c = es;
					 *0x46aa98 = fs;
					 *0x46aa94 = gs;
					asm("pushfd");
					_pop( *0x46aac8);
					 *0x46aabc =  *_t26;
					 *0x46aac0 = _v0;
					 *0x46aacc =  &_a4;
					 *0x46aa08 = 0x10001;
					_t11 =  *0x46aac0; // 0x0
					 *0x46a9c4 = _t11;
					 *0x46a9b8 = 0xc0000409;
					 *0x46a9bc = 1;
					_t12 =  *0x46a078; // 0x4cbb1deb
					_v812 = _t12;
					_t13 =  *0x46a07c; // 0xb344e214
					_v808 = _t13;
					SetUnhandledExceptionFilter(0);
					UnhandledExceptionFilter(0x461670);
					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
				} else {
					return __eax;
				}
			}












                                    0x004686c7
                                    0x004686cd
                                    0x00468d42
                                    0x00468d47
                                    0x00468d4d
                                    0x00468d53
                                    0x00468d59
                                    0x00468d5f
                                    0x00468d65
                                    0x00468d6c
                                    0x00468d73
                                    0x00468d7a
                                    0x00468d81
                                    0x00468d88
                                    0x00468d8f
                                    0x00468d90
                                    0x00468d99
                                    0x00468da1
                                    0x00468da9
                                    0x00468db4
                                    0x00468dbe
                                    0x00468dc3
                                    0x00468dc8
                                    0x00468dd2
                                    0x00468ddc
                                    0x00468de1
                                    0x00468de7
                                    0x00468dec
                                    0x00468df4
                                    0x00468dff
                                    0x00468e18
                                    0x004686cf
                                    0x004686cf
                                    0x004686cf

                                    APIs
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00468DF4
                                    • UnhandledExceptionFilter.KERNEL32(00461670), ref: 00468DFF
                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00468E0A
                                    • TerminateProcess.KERNEL32(00000000), ref: 00468E11
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                    • String ID:
                                    • API String ID: 3231755760-0
                                    • Opcode ID: e6cc64179c77a48a59c3836b26f4edf1da25f157cf2bc8e384401f756b3e23b7
                                    • Instruction ID: dc7a47db9b56d8c0e361100d44e19f0d6a4214a508688a6bb1365b39c62af6c8
                                    • Opcode Fuzzy Hash: e6cc64179c77a48a59c3836b26f4edf1da25f157cf2bc8e384401f756b3e23b7
                                    • Instruction Fuzzy Hash: 9B21ABB9811A00DFD301CFA9EA846457BA4BB58304B14403BE50AA3B60F7F465A9CF1F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00462B61, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(1.3.6.1.4.1.311.2.1.27,?,?,00000000,?,?), ref: 00462B8B
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • printf.MSVCRT ref: 00462BEA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeLoadObjectStringprintfvwprintf
                                    • String ID: 1.3.6.1.4.1.311.2.1.27
                                    • API String ID: 1959750101-3254324927
                                    • Opcode ID: da361024f27a8d63454c58798f49940e5af8ef25ff4c57eac5449886d7ee6bfe
                                    • Instruction ID: 4aa575489578043e686774e1fc100973d414ac6b2957aec5b32544842fbd939e
                                    • Opcode Fuzzy Hash: da361024f27a8d63454c58798f49940e5af8ef25ff4c57eac5449886d7ee6bfe
                                    • Instruction Fuzzy Hash: 07017C35244604FAEB145F51ED06F8D37B5EB00B06F28402BFA10744E0FFF9A6909A4B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00462BFA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(1.3.6.1.4.1.311.2.1.26,?,?,00000000,?,?), ref: 00462C22
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • printf.MSVCRT ref: 00462C62
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeLoadObjectStringprintfvwprintf
                                    • String ID: 1.3.6.1.4.1.311.2.1.26
                                    • API String ID: 1959750101-3070115369
                                    • Opcode ID: 13ab7f1a8c251a95dc1431dcf235e4973cafa28b595d05501d29ad9b52b396d6
                                    • Instruction ID: c8824d1af788ca5d92bb2d458c9a514340cc7a63f7fb2587f82b504292738755
                                    • Opcode Fuzzy Hash: 13ab7f1a8c251a95dc1431dcf235e4973cafa28b595d05501d29ad9b52b396d6
                                    • Instruction Fuzzy Hash: D6F06236200208FADB155B51DE06F8E3BB5E704715F24802BF611654F0FBF596509A5F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00468355, Relevance: 4.5, APIs: 3, Instructions: 33timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00468355(intOrPtr _a4) {
				struct _FILETIME _v12;
				struct _SYSTEMTIME _v28;
				intOrPtr _t9;
				FILETIME* _t14;
				void* _t16;
				intOrPtr _t20;

				_t9 = _a4;
				_t2 = _t9 + 0xc; // 0xe80046a7
				_t20 =  *_t2;
				GetSystemTime( &_v28);
				SystemTimeToFileTime( &_v28,  &_v12);
				_t6 = _t20 + 0x24; // 0xe80046cb
				_t14 = _t6;
				if(_t14->dwLowDateTime != 0 ||  *((intOrPtr*)(_t20 + 0x28)) != 0) {
					if(CompareFileTime(_t14,  &_v12) < 0) {
						_t16 = 0;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t16 = 1;
				}
				return _t16;
			}









                                    0x0046835a
                                    0x00468361
                                    0x00468361
                                    0x00468368
                                    0x00468376
                                    0x0046837c
                                    0x0046837c
                                    0x00468382
                                    0x00468397
                                    0x0046839e
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00468399
                                    0x00468399
                                    0x0046839b
                                    0x0046839b
                                    0x004683a2

                                    APIs
                                    • GetSystemTime.KERNEL32(?,?,?,?,?,?,004668AD,?), ref: 00468368
                                    • SystemTimeToFileTime.KERNEL32(?,004668AD,?,?,?,?,004668AD,?), ref: 00468376
                                    • CompareFileTime.KERNEL32(E80046CB,004668AD,?,?,?,?,004668AD,?), ref: 0046838F
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Time$FileSystem$Compare
                                    • String ID:
                                    • API String ID: 2701012859-0
                                    • Opcode ID: f992afe211264b9533973754b6316280d1458a67de73ceee51149d9686eaa103
                                    • Instruction ID: 6cd5fabc7dba19ea1bda3fd57d1fb94eac70bb5d16a250ca125fb18aa6eb089a
                                    • Opcode Fuzzy Hash: f992afe211264b9533973754b6316280d1458a67de73ceee51149d9686eaa103
                                    • Instruction Fuzzy Hash: 0AF03072510209DFCB109BA4C849ADB77FCEB09715F04056AEA02D3210FA74E585CBA6
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00468163, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 28encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptFindOIDInfo.CRYPT32(00000001,?,00000004), ref: 0046817D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptFindInfo
                                    • String ID:
                                    • API String ID: 4232373045-399585960
                                    • Opcode ID: 5ffcfb2958429afe16978fa289b7e1c033158e0f2051107b5b7419e43bda5f72
                                    • Instruction ID: 4037047ca8f214ee14d663fafec14de0894badc9b2b6e7fcfb04ade9cb131728
                                    • Opcode Fuzzy Hash: 5ffcfb2958429afe16978fa289b7e1c033158e0f2051107b5b7419e43bda5f72
                                    • Instruction Fuzzy Hash: 02F06D72200306AFDB248F49D805F96B7F9FF95321F214459E6419F364E7B0E851CBA9
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00463272, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 16encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptFindOIDInfo.CRYPT32(00000001,?,?), ref: 0046327F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptFindInfo
                                    • String ID: <UNKNOWN OID>
                                    • API String ID: 4232373045-3377398671
                                    • Opcode ID: a005f73fd8746e16d62ff98705f143431b46bdd368dfd3aeb05b5b2839d3764e
                                    • Instruction ID: 9190056c1fe424e2f7b6a6f9615683487c1cd933e30bd3d472b624b63b5d2dd4
                                    • Opcode Fuzzy Hash: a005f73fd8746e16d62ff98705f143431b46bdd368dfd3aeb05b5b2839d3764e
                                    • Instruction Fuzzy Hash: 63D05E312041486BDF001F92D818A563B55EB54760B488062F6098E2A0EAB5C990D75A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004681A9, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptFindOIDInfo.CRYPT32(00000001,?,-`F), ref: 004681B6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptFindInfo
                                    • String ID: -`F
                                    • API String ID: 4232373045-899056547
                                    • Opcode ID: ae5de5931acfb63ee655fc4434e5f7b400a0af090fb11e788a9f11324169944a
                                    • Instruction ID: a8d7330835aa4da74b60d05097d8463edf0f7d211b60c29ff98c25a5f2fbe8d5
                                    • Opcode Fuzzy Hash: ae5de5931acfb63ee655fc4434e5f7b400a0af090fb11e788a9f11324169944a
                                    • Instruction Fuzzy Hash: 15D02232208208BFCF404E91CC00EC33B68FB50350F008412F508CA060EEB6C811DB56
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004682C8, Relevance: 3.1, APIs: 2, Instructions: 61encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 004682FF
                                    • CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0046832B
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObject
                                    • String ID:
                                    • API String ID: 1207547050-0
                                    • Opcode ID: 2bc9474c2c205611bbce1b73c28e559f7532343f35989d7f1540c3386e890c47
                                    • Instruction ID: 22ff33e8a565ce3d9324a82fe73fc63f170789753d1a8a6174aa697871a71582
                                    • Opcode Fuzzy Hash: 2bc9474c2c205611bbce1b73c28e559f7532343f35989d7f1540c3386e890c47
                                    • Instruction Fuzzy Hash: 87117C7260024EFFDF118E91CD80DAF7BBDEB44784B10007ABE04A6310EA76CE51AB25
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004681D0, Relevance: 3.0, APIs: 2, Instructions: 50encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptMsgGetParam.CRYPT32(?,00000006,00000004,00000000,00000004), ref: 004681F2
                                      • Part of subcall function 00469241: malloc.MSVCRT ref: 0046924A
                                    • CryptMsgGetParam.CRYPT32(?,00000006,00000004,00000000,00000004), ref: 0046821B
                                      • Part of subcall function 00468F35: free.MSVCRT(00000000,?,004692E1,00461A8A,?,00000000,?,?,00461A8A), ref: 00468F43
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptParam$freemalloc
                                    • String ID:
                                    • API String ID: 2367485992-0
                                    • Opcode ID: b5f05097753cb11f58744065cf281ac3cdbae3e9f107aded7484e796eeb57f4c
                                    • Instruction ID: 2189997df3281faf7e196c52012cbdedeaf0d2fdacf6e43a330a735953a0be46
                                    • Opcode Fuzzy Hash: b5f05097753cb11f58744065cf281ac3cdbae3e9f107aded7484e796eeb57f4c
                                    • Instruction Fuzzy Hash: 5A017C7650010DFF9F019F95DC90CAF3BBDEB88384B14446AF90093210EB358E11AB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004673E5, Relevance: 43.9, APIs: 29, Instructions: 436encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 555 4673e5-467428 556 467915-467927 call 468f8e 555->556 557 46742e-467435 555->557 566 467929-46792c 556->566 557->556 558 46743b-467451 CertOpenStore 557->558 560 467453-46745a 558->560 561 46745f-46746a 558->561 563 467900-46790f call 468f8e 560->563 564 4674d6-4674dd 561->564 565 46746c-467473 561->565 588 467910-467913 563->588 570 4674e3-4674ea 564->570 571 4675e1-4675e8 564->571 567 46751e-467525 565->567 568 467479-4674a0 CertFindCertificateInStore 565->568 572 467527-46753a call 461fb6 567->572 573 467548-46755b call 461fb6 567->573 574 4674a2-4674a9 568->574 575 4674ae-4674bc CertAddCertificateContextToStore 568->575 579 467630-467642 call 462100 570->579 580 4674f0-46750c call 461cd9 570->580 576 4675ee-4675f5 571->576 577 4676c8-4676d1 571->577 606 46753c-467543 572->606 607 467569-46756e 572->607 573->607 609 46755d-467564 573->609 583 467818-46781b 574->583 584 4674be-4674c5 575->584 585 4674ca-4674d3 CertFreeCertificateContext 575->585 586 467710-467722 call 4621ed 576->586 587 4675fb-467622 CertFindCTLInStore 576->587 590 4676d7-4676f3 CertSaveStore 577->590 591 467782-467789 577->591 618 467644-46764b 579->618 619 467650-467655 579->619 620 467512-467519 580->620 621 4675bb-4675c9 CertAddCRLContextToStore 580->621 604 467842-467845 583->604 605 46781d-467826 CertFreeCertificateContext 583->605 584->583 585->564 631 467724-46772b 586->631 632 467730-467735 586->632 596 467624-46762b 587->596 597 4676a2-4676b0 CertAddCRLContextToStore 587->597 588->566 599 467815 590->599 600 4676f9-46770b call 468f8e 590->600 602 4677bb-4677bd 591->602 603 46778b-46779a CertEnumCertificatesInStore 591->603 617 467837-467839 596->617 610 4676b2-4676b9 597->610 611 4676be-4676c5 CertFreeCRLContext 597->611 599->583 625 46786c-467877 600->625 608 4677bf-4677c6 602->608 622 4677b3-4677b9 603->622 623 46779c-4677ae call 468f8e 603->623 615 467847-46784a CertFreeCertificateContext 604->615 616 467850-467853 604->616 613 467829-46782b 605->613 606->625 607->606 628 467570-467573 607->628 626 4677e4-4677eb 608->626 627 4677c8-4677dc CertGetCRLFromStore 608->627 609->625 610->617 611->577 613->604 630 46782d-467834 CertFreeCRLContext 613->630 615->616 636 467855-467858 CertFreeCRLContext 616->636 637 46785e-467861 616->637 617->604 633 46783b-46783c CertFreeCRLContext 617->633 618->625 619->618 638 467657-46765a 619->638 620->613 634 4675d7-4675de CertFreeCRLContext 621->634 635 4675cb-4675d2 621->635 622->608 623->604 647 46789c-4678a1 625->647 648 467879-46787f 625->648 641 467804-467806 626->641 642 4677ed-4677fc CertEnumCTLsInStore 626->642 627->623 640 4677de-4677e1 627->640 643 467575-46757a 628->643 644 467599 628->644 630->617 631->625 632->631 645 467737-46773a 632->645 633->604 634->571 635->613 636->637 637->625 646 467863-467866 CertFreeCRLContext 637->646 649 467680 638->649 650 46765c-467661 638->650 640->626 654 46780c call 469192 641->654 642->623 653 4677fe-467801 642->653 655 46757c-467587 CertAddCertificateContextToStore 643->655 644->564 656 46759f-4675af call 4666c9 644->656 657 467760 645->657 658 46773c-467741 645->658 646->625 661 4678c6-4678cb 647->661 662 4678a3-4678a9 647->662 659 467881-467896 CertFreeCertificateContext 648->659 660 467898-46789b free 648->660 649->571 652 467686-467696 call 466b9f 649->652 651 467663-46766e CertAddCRLContextToStore 650->651 651->571 665 467674-46767b 651->665 652->665 680 467698-4676a0 652->680 653->641 669 467811-467813 654->669 655->564 670 46758d-467594 655->670 656->670 681 4675b1-4675b9 656->681 657->577 673 467766-467776 call 466c6b 657->673 672 467743-46774e CertAddCRLContextToStore 658->672 659->659 659->660 660->647 666 4678f0-4678fe CertCloseStore 661->666 667 4678cd-4678d3 661->667 663 4678c2-4678c5 free 662->663 664 4678ab-4678c0 CertFreeCRLContext 662->664 663->661 664->663 664->664 665->625 666->563 666->588 674 4678d5-4678ea CertFreeCRLContext 667->674 675 4678ec-4678ef free 667->675 669->599 669->623 670->625 672->577 678 467754-46775b 672->678 673->678 683 467778-467780 673->683 674->674 674->675 675->666 678->625 680->651 681->655 683->672
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 00467446
                                    • CertFindCertificateInStore.CRYPT32(?,00000000,00010000,?,00000000), ref: 00467495
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00467820
                                    • CertFreeCRLContext.CRYPT32(?), ref: 0046782E
                                    • CertFreeCRLContext.CRYPT32(?), ref: 0046783C
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 0046784A
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00467858
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00467866
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00467887
                                    • free.MSVCRT(?,00000000), ref: 00467899
                                    • CertFreeCRLContext.CRYPT32(?), ref: 004678B1
                                    • free.MSVCRT(?,00000000), ref: 004678C3
                                    • CertFreeCRLContext.CRYPT32(?), ref: 004678DB
                                    • free.MSVCRT(?,00000000), ref: 004678ED
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextFree$Certificate$free$Store$FindLoadOpenStringvwprintf
                                    • String ID:
                                    • API String ID: 22078982-0
                                    • Opcode ID: 7bee6d3a3d47be07b91a38257ae020cb3e4c3183095f764046345c106095e5c1
                                    • Instruction ID: 76b994045fdab3e0c18fb0894d58d599bd19d3364a859f55688ae7feb8e2c248
                                    • Opcode Fuzzy Hash: 7bee6d3a3d47be07b91a38257ae020cb3e4c3183095f764046345c106095e5c1
                                    • Instruction Fuzzy Hash: 95F16C70D08208EFDF119F95DD889AEBBB9FB44348F24416BE401A7220F7799E41DB5A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00467934, Relevance: 37.9, APIs: 25, Instructions: 411encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 004679AA
                                    • CertFindCertificateInStore.CRYPT32(?,00000000,00010000,?,00000000), ref: 00467A3F
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00467D8A
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00467D98
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00467DA6
                                      • Part of subcall function 00461EB2: CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00461EFC
                                      • Part of subcall function 00461EB2: CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00461F30
                                      • Part of subcall function 00461EB2: CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00461F6D
                                      • Part of subcall function 00461EB2: CertFreeCertificateContext.CRYPT32(?), ref: 00461F85
                                      • Part of subcall function 00461EB2: CertFreeCRLContext.CRYPT32(?), ref: 00461F93
                                      • Part of subcall function 00461EB2: CertFreeCRLContext.CRYPT32(00000004), ref: 00461FA4
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00467DC7
                                    • free.MSVCRT(?), ref: 00467DD9
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00467DF1
                                    • free.MSVCRT(?), ref: 00467E03
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00467E1B
                                    • free.MSVCRT(?), ref: 00467E2D
                                    • CertCloseStore.CRYPT32(?,00000000), ref: 00467E3F
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextFree$Store$Certificate$free$Enum$CertificatesCloseFindFromOpen
                                    • String ID:
                                    • API String ID: 3594960610-0
                                    • Opcode ID: 018060092f2e98f32061d30ee89f436986008852d912977857b9bd935cee9531
                                    • Instruction ID: 48706a64e50cd3ef551bb83124ebbe18f032bc70ed8b31bbd7fad8f43761332c
                                    • Opcode Fuzzy Hash: 018060092f2e98f32061d30ee89f436986008852d912977857b9bd935cee9531
                                    • Instruction Fuzzy Hash: BDF14670908208EBDF119F95DD849AEBBB5FF44308F24456BE501A3220F7BA5E819F5B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00464254, Relevance: 31.7, APIs: 10, Strings: 8, Instructions: 201encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 43%
                                    			E00464254(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr* _t58;
				intOrPtr* _t68;
				intOrPtr _t79;
				intOrPtr _t81;
				intOrPtr _t83;
				void* _t86;
				intOrPtr _t88;
				int _t92;
				intOrPtr _t94;
				char* _t95;
				unsigned int _t97;
				intOrPtr* _t98;
				intOrPtr* _t99;
				intOrPtr* _t101;
				intOrPtr _t103;
				void* _t112;
				intOrPtr* _t113;
				void* _t114;

				_t94 = 0;
				_t58 = E004682C8(__ecx, 7, _a4, _a8, 0);
				_v24 = _t58;
				if(_t58 != 0) {
					_t101 =  *((intOrPtr*)(_t58 + 4));
					_a4 = 0;
					_v12 = _t101;
					if( *_t58 <= 0) {
						L30:
						_t112 = 1;
						E00468F35(_t58, _t58);
						goto L31;
					} else {
						do {
							_t113 =  *((intOrPtr*)(_t101 + 4));
							_a8 = _t94;
							if( *_t101 <= _t94) {
								goto L28;
							}
							_v16 = _a12 & 0x00010000;
							do {
								_t95 =  *_t113;
								if(_t95 == 0) {
									_t95 = "<NULL>";
								}
								if(_v16 != 0) {
									L25:
									_push(E00463272(0, _t95, 0));
									_push(_t95);
									_push(_a8);
									_push(_a4);
									printf("  [%d,%d] %s (%S) ");
									E00468F8E( *0x46a7f8, 0x1baa,  *((intOrPtr*)(_t113 + 4)));
									_t114 = _t114 + 0x20;
									E004628A5(L"    ",  *((intOrPtr*)(_t113 + 0xc)),  *(_t113 + 8));
								} else {
									_t103 =  *((intOrPtr*)(_t113 + 4));
									if(_t103 == 1 || _t103 == 2) {
										goto L25;
									} else {
										if(_t103 != 0xb) {
											_push( *((intOrPtr*)(_t113 + 0xc)));
											_push(0);
											_push(_t95);
											if(_t103 != 0xc) {
												E00463272(0);
												_push(_a8);
												_push(_a4);
												_push("  [%d,%d] %s (%S) %s\n");
											} else {
												E00463272(0);
												_push(_a8);
												_push(_a4);
												_push("  [%d,%d] %s (%S) %S\n");
											}
											printf();
											_t114 = _t114 + 0x18;
											goto L26;
										}
										_push(E00463272(0, _t95, 0));
										_push(_t95);
										_push(_a8);
										_push(_a4);
										printf("  [%d,%d] %s (%S)");
										_t114 = _t114 + 0x14;
										_t97 =  *(_t113 + 8) >> 2;
										_v8 =  *((intOrPtr*)(_t113 + 0xc));
										while(_t97 > 0) {
											_push( *_v8);
											printf(" 0x%08X");
											_t97 = _t97 - 1;
											_v8 = _v8 + 4;
										}
										printf("\n");
										_t98 = __imp__CertRDNValueToStrA;
										_t79 =  *_t98( *((intOrPtr*)(_t113 + 4)), _t113 + 8, 0, 0);
										_v20 = _t79;
										if(_t79 > 1) {
											_t88 = E00469241(_t79, 0, 0);
											_v8 = _t88;
											if(_t88 != 0) {
												 *_t98(_t113 + 8, _t88, _v20);
												E00468F8E( *0x46a7f8, 0x1bab,  *((intOrPtr*)(_t113 + 4)));
												_push(_v8);
												_t92 = printf("%s\n");
												_t114 = _t114 + 0x10;
												E00468F35(_t92, _v8);
											}
										}
										_t99 = __imp__CertRDNValueToStrW;
										_t81 =  *_t99( *((intOrPtr*)(_t113 + 4)), _t113 + 8, 0, 0);
										_v20 = _t81;
										if(_t81 > 1) {
											_t83 = E00469241(_t81 + _t81, 0, 0);
											_v8 = _t83;
											if(_t83 != 0) {
												 *_t99( *((intOrPtr*)(_t113 + 4)), _t113 + 8, _t83, _v20);
												_t86 = E00468F8E( *0x46a7f8, 0x1bac, _v8);
												_t114 = _t114 + 0xc;
												E00468F35(_t86, _v8);
											}
										}
										goto L26;
									}
								}
								L26:
								_a8 = _a8 + 1;
								_t68 = _v12;
								_t113 = _t113 + 0x10;
							} while (_a8 <  *_t68);
							_t101 = _t68;
							_t58 = _v24;
							_t94 = 0;
							L28:
							_a4 = _a4 + 1;
							_t101 = _t101 + 8;
							_v12 = _t101;
						} while (_a4 <  *_t58);
						goto L30;
					}
				} else {
					_t112 = 0;
					L31:
					return _t112;
				}
			}


























                                    0x0046425e
                                    0x00464269
                                    0x0046426e
                                    0x00464273
                                    0x0046427c
                                    0x0046427f
                                    0x00464282
                                    0x00464287
                                    0x0046448b
                                    0x0046448e
                                    0x0046448f
                                    0x00000000
                                    0x0046428d
                                    0x00464294
                                    0x00464294
                                    0x00464297
                                    0x0046429c
                                    0x00000000
                                    0x00000000
                                    0x004642aa
                                    0x004642ad
                                    0x004642ad
                                    0x004642b3
                                    0x004642b5
                                    0x004642b5
                                    0x004642bd
                                    0x0046441f
                                    0x00464426
                                    0x00464427
                                    0x00464428
                                    0x0046442b
                                    0x00464433
                                    0x00464443
                                    0x00464448
                                    0x00464456
                                    0x004642c3
                                    0x004642c3
                                    0x004642c9
                                    0x00000000
                                    0x004642d8
                                    0x004642db
                                    0x004643e8
                                    0x004643eb
                                    0x004643ec
                                    0x004643f0
                                    0x00464406
                                    0x0046440d
                                    0x00464410
                                    0x00464413
                                    0x004643f2
                                    0x004643f2
                                    0x004643f9
                                    0x004643fc
                                    0x004643ff
                                    0x004643ff
                                    0x00464418
                                    0x0046441a
                                    0x00000000
                                    0x0046441a
                                    0x004642e8
                                    0x004642e9
                                    0x004642ea
                                    0x004642ed
                                    0x004642f5
                                    0x004642fd
                                    0x00464300
                                    0x00464303
                                    0x0046431b
                                    0x0046430b
                                    0x00464312
                                    0x00464315
                                    0x00464316
                                    0x0046431a
                                    0x00464324
                                    0x00464326
                                    0x00464338
                                    0x0046433a
                                    0x00464340
                                    0x00464347
                                    0x0046434c
                                    0x00464351
                                    0x0046435e
                                    0x0046436b
                                    0x00464370
                                    0x00464378
                                    0x0046437a
                                    0x00464380
                                    0x00464380
                                    0x00464351
                                    0x00464385
                                    0x00464396
                                    0x00464398
                                    0x0046439e
                                    0x004643ab
                                    0x004643b0
                                    0x004643b5
                                    0x004643c6
                                    0x004643d6
                                    0x004643db
                                    0x004643e1
                                    0x004643e1
                                    0x004643b5
                                    0x00000000
                                    0x0046439e
                                    0x004642c9
                                    0x0046445b
                                    0x0046445b
                                    0x0046445e
                                    0x00464464
                                    0x00464467
                                    0x0046446f
                                    0x00464471
                                    0x00464474
                                    0x00464476
                                    0x00464476
                                    0x0046447c
                                    0x0046447f
                                    0x00464482
                                    0x00000000
                                    0x0046448a
                                    0x00464275
                                    0x00464275
                                    0x00464494
                                    0x00464499
                                    0x00464499

                                    APIs
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 004682FF
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0046832B
                                    • printf.MSVCRT ref: 004642F5
                                    • printf.MSVCRT ref: 00464324
                                    • CertRDNValueToStrA.CRYPT32(?,?,00000000,00000000), ref: 00464338
                                    • CertRDNValueToStrA.CRYPT32(?,?,00000000,?), ref: 0046435E
                                    • printf.MSVCRT ref: 00464378
                                    • CertRDNValueToStrW.CRYPT32(?,?,00000000,00000000), ref: 00464396
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertValueprintf$CryptDecodeObject
                                    • String ID: $ [%d,%d] %s (%S)$ [%d,%d] %s (%S) $ [%d,%d] %s (%S) %S$ [%d,%d] %s (%S) %s$ 0x%08X$%s$<NULL>
                                    • API String ID: 4228225058-790891399
                                    • Opcode ID: 704ab62c28d54719655ad8c3e4997929f6eaf9bab2c572a282f6cabc94e8534a
                                    • Instruction ID: 994a6f9c02019114d0247a334d8c5cbfdaf33fe7bf5b67d811fea11c28d66494
                                    • Opcode Fuzzy Hash: 704ab62c28d54719655ad8c3e4997929f6eaf9bab2c572a282f6cabc94e8534a
                                    • Instruction Fuzzy Hash: 5D61D771600204BFDF10AFA1CC82EAE7779EF44304F10842AFA1596261FB759E509B5B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00466795, Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 184encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • printf.MSVCRT ref: 004667FC
                                    • printf.MSVCRT ref: 0046685D
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,?,00000014), ref: 004668D4
                                    • CertGetCRLContextProperty.CRYPT32(?,00000004,?,00000014), ref: 004668F9
                                    • printf.MSVCRT ref: 0046694C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CertContextProperty$LoadStringvwprintf
                                    • String ID: $ [%d] %s$%s $<NULL>$MD5$SHA1
                                    • API String ID: 1489666178-2308969636
                                    • Opcode ID: c3d1217fc060380e3013d9384df456c53728d0ac4114928df0089dee3567b6d3
                                    • Instruction ID: 9d46c2bd6081a63d7f1347768941c32cdb62e12ab0cc49a9329e18ab780faa07
                                    • Opcode Fuzzy Hash: c3d1217fc060380e3013d9384df456c53728d0ac4114928df0089dee3567b6d3
                                    • Instruction Fuzzy Hash: 5E51D0B1500209AFDB10AF62DC02E9E77BAFB04315F14012EF501661A1FBB9A9A5CF1F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00461EB2, Relevance: 18.1, APIs: 12, Instructions: 93encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertDuplicateCertificateContext.CRYPT32(?), ref: 00461EE3
                                    • CertDeleteCRLFromStore.CRYPT32(00000000), ref: 00461EEA
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00461EFC
                                    • CertDuplicateCRLContext.CRYPT32(?), ref: 00461F17
                                    • CertDeleteCRLFromStore.CRYPT32(00000000), ref: 00461F22
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00461F30
                                    • CertDuplicateCRLContext.CRYPT32(00000004), ref: 00461F4F
                                    • CertDeleteCRLFromStore.CRYPT32(00000000), ref: 00461F5A
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00461F6D
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00461F85
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00461F93
                                    • CertFreeCRLContext.CRYPT32(00000004), ref: 00461FA4
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextStore$From$DeleteDuplicateFree$CertificateEnum$Certificates
                                    • String ID:
                                    • API String ID: 3778652152-0
                                    • Opcode ID: c2788f876d1736ea3044c19aa6cbc12485f87e00ad1cbfa4e3bb2118bfc2efdd
                                    • Instruction ID: b36a2918a42c91d06e2ac77eefac53647ac0b32b75a573d648fc3621b842dfb4
                                    • Opcode Fuzzy Hash: c2788f876d1736ea3044c19aa6cbc12485f87e00ad1cbfa4e3bb2118bfc2efdd
                                    • Instruction Fuzzy Hash: 00314B71D04249EBCF119FA5DC489AEBBB9BB44341F2C8466E501E2130F7B98A84DF5A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004628A5, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 85COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E004628A5(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t15;
				int _t18;
				signed char _t20;
				intOrPtr _t30;
				void* _t42;
				void* _t43;
				void* _t44;
				intOrPtr _t46;

				if(_a12 == 0) {
					return E00468F8E( *0x46a7f8, 0x1b8e, _a4);
				}
				if(__eflags > 0) {
					do {
						_push(_a4);
						wprintf(L"%s");
						_t30 = 0x10;
						__eflags = _a12 - _t30;
						if(_a12 <= _t30) {
							_t30 = _a12;
						}
						_a12 = _a12 - _t30;
						_t42 = 0;
						__eflags = _t30;
						if(_t30 <= 0) {
							L8:
							_t43 = 0x10;
							__eflags = _t30 - _t43;
							if(_t30 >= _t43) {
								L11:
								wprintf(L"    \'");
								_t44 = 0;
								__eflags = _t30;
								if(_t30 <= 0) {
									goto L17;
								} else {
									goto L12;
								}
								do {
									L12:
									_t20 =  *((intOrPtr*)(_t44 + _a8));
									__eflags = _t20 - 0x20;
									if(_t20 < 0x20) {
										L15:
										wprintf(".");
										goto L16;
									}
									__eflags = _t20 - 0x7f;
									if(_t20 > 0x7f) {
										goto L15;
									}
									_push(_t20 & 0x000000ff);
									wprintf(L"%c");
									L16:
									_t44 = _t44 + 1;
									__eflags = _t44 - _t30;
								} while (_t44 < _t30);
								goto L17;
							}
							_t46 = _t43 - _t30;
							__eflags = _t46;
							do {
								wprintf(L"   ");
								_t46 = _t46 - 1;
								__eflags = _t46;
							} while (_t46 != 0);
							goto L11;
						} else {
							do {
								_push( *(_t42 + _a8) & 0x000000ff);
								wprintf(L" %02X");
								_t42 = _t42 + 1;
								__eflags = _t42 - _t30;
							} while (_t42 < _t30);
							goto L8;
						}
						L17:
						_a8 = _a8 + _t30;
						_t18 = wprintf(L"\'\n");
						__eflags = _a12;
					} while (_a12 > 0);
					return _t18;
				}
				return _t15;
			}











                                    0x004628ae
                                    0x00000000
                                    0x004628c3
                                    0x004628cb
                                    0x004628da
                                    0x004628da
                                    0x004628e2
                                    0x004628e8
                                    0x004628e9
                                    0x004628ec
                                    0x004628ee
                                    0x004628ee
                                    0x004628f1
                                    0x004628f4
                                    0x004628f6
                                    0x004628f8
                                    0x00462910
                                    0x00462912
                                    0x00462913
                                    0x00462915
                                    0x00462924
                                    0x00462929
                                    0x0046292b
                                    0x0046292e
                                    0x00462930
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00462932
                                    0x00462932
                                    0x00462935
                                    0x00462938
                                    0x0046293a
                                    0x0046294e
                                    0x00462953
                                    0x00000000
                                    0x00462953
                                    0x0046293c
                                    0x0046293e
                                    0x00000000
                                    0x00000000
                                    0x00462943
                                    0x00462949
                                    0x00462955
                                    0x00462955
                                    0x00462957
                                    0x00462957
                                    0x00000000
                                    0x00462932
                                    0x00462917
                                    0x00462917
                                    0x00462919
                                    0x0046291e
                                    0x00462920
                                    0x00462920
                                    0x00462921
                                    0x00000000
                                    0x004628fa
                                    0x004628fa
                                    0x00462901
                                    0x00462907
                                    0x00462909
                                    0x0046290c
                                    0x0046290c
                                    0x00000000
                                    0x004628fa
                                    0x0046295b
                                    0x0046295b
                                    0x00462963
                                    0x00462965
                                    0x00462969
                                    0x00000000
                                    0x00462972
                                    0x00462974

                                    APIs
                                    • wprintf.MSVCRT ref: 004628E2
                                    • wprintf.MSVCRT ref: 00462907
                                    • wprintf.MSVCRT ref: 0046291E
                                    • wprintf.MSVCRT ref: 00462929
                                    • wprintf.MSVCRT ref: 00462949
                                    • wprintf.MSVCRT ref: 00462963
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: wprintf$LoadStringvwprintf
                                    • String ID: $ '$ %02X
                                    • API String ID: 2851814717-3839679036
                                    • Opcode ID: 21d8019cb2de4b53c4e31fa162e16732c151d9bdd4dffa26ebd3a632aa37063a
                                    • Instruction ID: 969455962f6716474121de6a3a07b5a14b6b281986fa17d10f80c4c086497d28
                                    • Opcode Fuzzy Hash: 21d8019cb2de4b53c4e31fa162e16732c151d9bdd4dffa26ebd3a632aa37063a
                                    • Instruction Fuzzy Hash: 8E216873700B0EBAE7105E659E41BBE3715FBC1721F24003BFE1146290BAF848954AAF
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004669E9, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 138encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 20%
                                    			E004669E9(void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
				signed int _v8;
				char _v28;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				char _t83;
				void* _t86;
				void* _t95;
				void* _t96;
				char* _t97;
				intOrPtr _t98;
				signed int _t99;

				_t95 = __edx;
				_t42 =  *0x46a078; // 0x4cbb1deb
				_v8 = _t42 ^ _t99;
				_t98 = _a4;
				_t83 = 0x14;
				_push(0x1b5d);
				_push( *0x46a7f8);
				_v32 = _t83;
				E00468F8E();
				_pop(_t86);
				E00464254(_t86, _t96,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x14)),  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x10)), _a8);
				E00468F8E( *0x46a7f8, 0x1b7d, E00463E22(_t95, _t96,  *((intOrPtr*)(_t98 + 0xc)) + 0x18));
				E00468F8E( *0x46a7f8, 0x1b7e, E00463E22(_t95, _t96,  *((intOrPtr*)(_t98 + 0xc)) + 0x20));
				_t97 = __imp__CertGetCRLContextProperty;
				 *_t97(_t98, 3,  &_v28,  &_v32);
				E0046297C("SHA1",  &_v28, _v32);
				_v32 = _t83;
				 *_t97(_t98, 4,  &_v28,  &_v32);
				E0046297C("MD5",  &_v28, _v32);
				if((_a8 & 0x00010000) != 0) {
					E00468F8E( *0x46a7f8, 0x1b68,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)))));
					_t97 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 4));
					if(_t97 == 0) {
						_t97 = "<NULL>";
					}
					_push(0x1b69);
					_push( *0x46a7f8);
					E00468F8E();
					_push(_t97);
					printf("%s \n");
					if( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 8)) != 0) {
						_push(0x1b6a);
						_push( *0x46a7f8);
						E00468F8E();
						E004628A5(L"    ",  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0xc)),  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 8)));
					}
					_t78 =  *((intOrPtr*)(_t98 + 0xc));
					if( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x30)) != 0) {
						E004657BD( *((intOrPtr*)(_t78 + 0x30)),  *((intOrPtr*)(_t78 + 0x34)), _a8);
					}
				}
				if( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x28)) != 0) {
					_push(0x1b83);
					_push( *0x46a7f8);
					E00468F8E();
					E00466391(_t95,  *((intOrPtr*)(_t98 + 0x28)),  *((intOrPtr*)(_t98 + 0x2c)), _a8);
				} else {
					_push(0x1b82);
					_push( *0x46a7f8);
					E00468F8E();
				}
				return E004686C7(1, 0, _v8 ^ _t99, _t95, _t97, _t98);
			}

















                                    0x004669e9
                                    0x004669f1
                                    0x004669f8
                                    0x004669fd
                                    0x00466a03
                                    0x00466a04
                                    0x00466a09
                                    0x00466a0f
                                    0x00466a12
                                    0x00466a1b
                                    0x00466a25
                                    0x00466a42
                                    0x00466a62
                                    0x00466a67
                                    0x00466a7b
                                    0x00466a89
                                    0x00466a99
                                    0x00466a9c
                                    0x00466aaa
                                    0x00466ab8
                                    0x00466ace
                                    0x00466ad6
                                    0x00466ade
                                    0x00466ae0
                                    0x00466ae0
                                    0x00466ae5
                                    0x00466aea
                                    0x00466af0
                                    0x00466af5
                                    0x00466afb
                                    0x00466b0a
                                    0x00466b0c
                                    0x00466b11
                                    0x00466b17
                                    0x00466b2c
                                    0x00466b2c
                                    0x00466b31
                                    0x00466b37
                                    0x00466b42
                                    0x00466b42
                                    0x00466b37
                                    0x00466b4d
                                    0x00466b63
                                    0x00466b68
                                    0x00466b6e
                                    0x00466b81
                                    0x00466b4f
                                    0x00466b4f
                                    0x00466b54
                                    0x00466b5a
                                    0x00466b60
                                    0x00466b97

                                    APIs
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                      • Part of subcall function 00463E22: LoadStringW.USER32(00001C0C,0046A870,00000064), ref: 00463E62
                                      • Part of subcall function 00463E22: LoadStringW.USER32(00001B9D,?,00000032), ref: 00463E8A
                                      • Part of subcall function 00463E22: LoadStringW.USER32(00001B9E,?,00000032), ref: 00463EA5
                                      • Part of subcall function 00463E22: FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00463EB7
                                      • Part of subcall function 00463E22: FileTimeToSystemTime.KERNEL32(?,?), ref: 00463ECB
                                      • Part of subcall function 00463E22: _wasctime.MSVCRT ref: 00463F4D
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,?,?), ref: 00466A7B
                                      • Part of subcall function 0046297C: printf.MSVCRT ref: 004629B0
                                      • Part of subcall function 0046297C: printf.MSVCRT ref: 004629F0
                                    • CertGetCRLContextProperty.CRYPT32(?,00000004,?,?), ref: 00466A9C
                                      • Part of subcall function 0046297C: printf.MSVCRT ref: 004629E3
                                    • printf.MSVCRT ref: 00466AFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadStringTimeprintf$File$CertContextProperty$LocalSystem_wasctimevwprintf
                                    • String ID: $%s $<NULL>$MD5$SHA1
                                    • API String ID: 1904437375-3298317204
                                    • Opcode ID: 298fbb8e37ff97c6a0577729891d05798175341ba780583688594dce565c8a6f
                                    • Instruction ID: 99aeba3eecd9b02e659ae11b48996e95359cdb8e2d2096fd1f1886d05da0a20c
                                    • Opcode Fuzzy Hash: 298fbb8e37ff97c6a0577729891d05798175341ba780583688594dce565c8a6f
                                    • Instruction Fuzzy Hash: 0141C171600608EFDB10AF95DC42C9A77B9FF04324B05802EF514A71A1FB79E961CF4A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00466D37, Relevance: 13.7, APIs: 9, Instructions: 154encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCertificatesInStore.CRYPT32(?,?), ref: 00466DAD
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00466D65
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                      • Part of subcall function 00465CD6: printf.MSVCRT ref: 00465D61
                                      • Part of subcall function 00465CD6: CertGetCertificateContextProperty.CRYPT32(?,00000003,?,?), ref: 00465D79
                                      • Part of subcall function 00465CD6: CertGetCertificateContextProperty.CRYPT32(?,00000004,?,?), ref: 00465D9A
                                      • Part of subcall function 00465CD6: CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,00000000), ref: 00465DB8
                                      • Part of subcall function 00465CD6: CryptHashPublicKeyInfo.CRYPT32(00000000,00008003,00000000,?,?,?), ref: 00465DE6
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00466DE1
                                    • CertEnumCTLsInStore.CRYPT32(?,?), ref: 00466E29
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00466E62
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,?,?), ref: 00466EAF
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00466ED6
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00466EE4
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00466EF5
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextStore$Enum$CertificateFree$CertificatesCryptFromProperty$AcquireHashInfoLoadPublicStringprintfvwprintf
                                    • String ID:
                                    • API String ID: 2852249584-0
                                    • Opcode ID: c8b44247fee76b6e0831579f1ff7553cdf1780cd585eee9771f447835df54eaf
                                    • Instruction ID: a33bd639f93f8a8f43cda7cf185d186b2bad3e885d83a010faa18bf37369fe4b
                                    • Opcode Fuzzy Hash: c8b44247fee76b6e0831579f1ff7553cdf1780cd585eee9771f447835df54eaf
                                    • Instruction Fuzzy Hash: F351AD71A04609BEDF126FA1DC4189E7FB6FB40705B29412BF500A6170FBB64EA19F4B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00461FB6, Relevance: 13.6, APIs: 9, Instructions: 115encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • realloc.MSVCRT ref: 00462007
                                    • CertDuplicateCertificateContext.CRYPT32(?), ref: 0046201C
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 0046203A
                                    • realloc.MSVCRT ref: 00462055
                                    • CertDuplicateCertificateContext.CRYPT32(?), ref: 00462066
                                    • CertFindCertificateInStore.CRYPT32(?,00000000,00080007,?,00000000), ref: 0046208F
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 004620B4
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 004620D5
                                    • free.MSVCRT(?), ref: 004620E3
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Certificate$Context$DuplicateFreeStorerealloc$CertificatesEnumFindfree
                                    • String ID:
                                    • API String ID: 3052196173-0
                                    • Opcode ID: 81215cfa21c05558d4d0c4b853b7e9196b5844292cb95527cd280f4ef9d52071
                                    • Instruction ID: 475933fbcba68db1833842e2a810b725e3b5aa3d59b5b3d5d397316ab2a6e69a
                                    • Opcode Fuzzy Hash: 81215cfa21c05558d4d0c4b853b7e9196b5844292cb95527cd280f4ef9d52071
                                    • Instruction Fuzzy Hash: E2416C7550024AFFCF219F94DA8489E7BF1FB08301B24487EEA9193221E7B69D90DF16
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0046560E, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 140COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 21%
                                    			E0046560E(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8, signed int _a12) {
				char* _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* __edi;
				intOrPtr _t42;
				char* _t43;
				void* _t57;
				intOrPtr* _t65;
				intOrPtr _t67;
				void* _t72;
				void* _t74;
				void* _t77;
				char _t78;
				intOrPtr* _t83;
				void* _t90;
				void* _t93;

				_t77 = __edx;
				_t78 = 0;
				_v16 = 0;
				_v12 = 0;
				if(_a4 <= 0) {
					L26:
					return _t42;
				} else {
					goto L3;
					L6:
					_v20 = _t78;
					if(_t93 <= 0) {
						L23:
						_v12 = _v12 + 1;
						_t42 = _v12;
						_a8 = _t83 + 0xc;
						if(_t42 < _a4) {
							_t78 = 0;
							L3:
							_t83 = _a8;
							_t43 =  *_t83;
							_t67 =  *((intOrPtr*)(_t83 + 4));
							_t65 =  *((intOrPtr*)(_t83 + 8));
							_v24 = _t67;
							_v8 = _t43;
							if(_t43 == _t78) {
								_v8 = "<NULL>";
							}
							_t93 = _t67 - _t78;
							if(_t93 == 0) {
								goto L20;
							} else {
								goto L6;
							}
						}
						if(_v16 == 0) {
							goto L26;
						}
						return E00468F35(_t42, _v16);
					} else {
						goto L7;
					}
					do {
						L7:
						_push(_v8);
						_push(_v20);
						_push(_v12);
						printf("  [%d,%d] %s\n");
						_t49 =  *_t65;
						_t90 = _t90 + 0x10;
						if( *_t65 == 0) {
							_push(0x1b90);
							_push( *0x46a7f8);
							E00468F8E();
						} else {
							if((_a12 & 0x00010000) != 0) {
								E004628A5(L"    ",  *((intOrPtr*)(_t65 + 4)), _t49);
							}
							_push(0x15);
							asm("repe cmpsb");
							if(0 == 0) {
								_push(0x1b8f);
								_push( *0x46a7f8);
								E00468F8E();
								E004655AE( *((intOrPtr*)(_t65 + 4)),  *_t65, _a12);
							}
							_push(0x15);
							asm("repe cmpsb");
							if(0 == 0) {
								_push(0x1c13);
								_push( *0x46a7f8);
								E00468F8E();
								_pop(_t74);
								E00464F00(_t74, "1.2.840.113549.1.9.6",  *((intOrPtr*)(_t65 + 4)),  *_t65, _a12);
							}
							_t72 = 0x15;
							asm("repe cmpsb");
							if(0 == 0) {
								_t89 = E004682C8(_t72, 0x11,  *((intOrPtr*)(_t65 + 4)),  *_t65, 0);
								if(_t55 != 0) {
									_t57 = E00468F8E( *0x46a7f8, 0x1c14, E00463E22(_t77, "1.2.840.113549.1.9.5", _t89));
									_t90 = _t90 + 0xc;
									E00468F35(_t57, _t89);
								}
							}
						}
						_v20 = _v20 + 1;
						_t65 = _t65 + 8;
					} while (_v20 < _v24);
					_t83 = _a8;
					goto L23;
					L20:
					if(E00468241(_v8,  &_v16) != 0) {
						_v16 = _t78;
					} else {
						_push(_v16);
						E00468F8E( *0x46a7f8, 0x1b91, _v12);
						_t90 = _t90 + 0x10;
					}
					goto L23;
				}
			}





















                                    0x0046560e
                                    0x00465617
                                    0x00465619
                                    0x0046561c
                                    0x00465622
                                    0x004657b5
                                    0x004657b5
                                    0x00465628
                                    0x0046562a
                                    0x00465652
                                    0x00465652
                                    0x00465655
                                    0x0046578e
                                    0x0046578e
                                    0x00465791
                                    0x00465797
                                    0x0046579d
                                    0x0046562c
                                    0x0046562e
                                    0x0046562e
                                    0x00465631
                                    0x00465633
                                    0x00465636
                                    0x00465639
                                    0x0046563c
                                    0x00465641
                                    0x00465643
                                    0x00465643
                                    0x0046564a
                                    0x0046564c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0046564c
                                    0x004657a9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0046565b
                                    0x0046565b
                                    0x0046565e
                                    0x0046565f
                                    0x00465662
                                    0x0046566a
                                    0x00465670
                                    0x00465672
                                    0x00465677
                                    0x00465737
                                    0x0046573c
                                    0x00465742
                                    0x0046567d
                                    0x00465684
                                    0x0046568f
                                    0x0046568f
                                    0x00465694
                                    0x0046569e
                                    0x004656a0
                                    0x004656a2
                                    0x004656a7
                                    0x004656ad
                                    0x004656bc
                                    0x004656bc
                                    0x004656c4
                                    0x004656ce
                                    0x004656d0
                                    0x004656d2
                                    0x004656d7
                                    0x004656dd
                                    0x004656e3
                                    0x004656ec
                                    0x004656ec
                                    0x004656fb
                                    0x004656fe
                                    0x00465700
                                    0x0046570f
                                    0x00465713
                                    0x00465727
                                    0x0046572c
                                    0x00465730
                                    0x00465730
                                    0x00465713
                                    0x00465700
                                    0x00465749
                                    0x0046574f
                                    0x00465752
                                    0x0046575b
                                    0x00000000
                                    0x00465760
                                    0x0046576e
                                    0x0046578b
                                    0x00465770
                                    0x00465770
                                    0x00465781
                                    0x00465786
                                    0x00465786
                                    0x00000000
                                    0x0046576e

                                    APIs
                                    • printf.MSVCRT ref: 0046566A
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadStringprintfvwprintf
                                    • String ID: $ [%d,%d] %s$1.2.840.113549.1.9.5$1.2.840.113549.1.9.6$1.3.6.1.4.1.311.10.2$<NULL>
                                    • API String ID: 3914510563-3034289211
                                    • Opcode ID: ad4ede0193b826e98ca7c15384737e5b6db8299fe9e27043f495a4bf01b49e64
                                    • Instruction ID: cd4f6e69672593af7e7118cbc8c1539a1f13b8f9151d2a393cef9d01bbcc110f
                                    • Opcode Fuzzy Hash: ad4ede0193b826e98ca7c15384737e5b6db8299fe9e27043f495a4bf01b49e64
                                    • Instruction Fuzzy Hash: A341F231900A09FFDF01AF81CD418AEBB76FF44311F14406BF9156A261FB799A909B5B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00462C72, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 92COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 24%
                                    			E00462C72(intOrPtr _a4, signed int _a8, signed int _a12) {
				intOrPtr _v8;
				intOrPtr* _v12;
				void* __ecx;
				intOrPtr* _t29;
				intOrPtr _t39;
				void* _t42;
				void* _t52;
				intOrPtr* _t53;
				intOrPtr* _t56;
				intOrPtr _t58;
				intOrPtr* _t59;
				void* _t60;

				_push(_t42);
				_push(_t42);
				_t29 = E004682C8(_t42, 0x10, _a8, _a12, 0);
				_t56 = _t29;
				_v12 = _t56;
				if(_t56 != 0) {
					_t39 =  *_t56;
					_t53 =  *((intOrPtr*)(_t56 + 4));
					_v8 = _t39;
					_t30 = E00468F8E( *0x46a7f8, _a4, _t52);
					if(_t39 == 0) {
						_push(0x1bc1);
						_push( *0x46a7f8);
						_t30 = E00468F8E();
					}
					_a8 = _a8 & 0x00000000;
					if(_t39 > 0) {
						do {
							_push( *_t53);
							_t58 =  *((intOrPtr*)(_t53 + 4));
							_push(_a8);
							_a4 = _t58;
							printf("    [%d] %s");
							_t60 = _t60 + 0xc;
							if(_t58 != 0) {
								_push(0x1bda);
								_push( *0x46a7f8);
								E00468F8E();
							}
							_a12 = _a12 & 0x00000000;
							_t59 =  *((intOrPtr*)(_t53 + 8));
							if(_a4 > 0) {
								do {
									_push( *_t59);
									_push(_a12);
									printf("      [%d] %s");
									_t60 = _t60 + 0xc;
									if( *((intOrPtr*)(_t59 + 4)) == 0) {
										printf("\n");
									} else {
										_push(0x1bdb);
										_push( *0x46a7f8);
										E00468F8E();
										E004628A5(L"    ",  *((intOrPtr*)(_t59 + 8)),  *((intOrPtr*)(_t59 + 4)));
									}
									_a12 = _a12 + 1;
									_t59 = _t59 + 0xc;
								} while (_a12 < _a4);
							}
							_a8 = _a8 + 1;
							_t30 = _a8;
							_t53 = _t53 + 0xc;
						} while (_a8 < _v8);
						_t56 = _v12;
					}
					_t29 = E00468F35(_t30, _t56);
				}
				return _t29;
			}















                                    0x00462c77
                                    0x00462c78
                                    0x00462c84
                                    0x00462c89
                                    0x00462c8b
                                    0x00462c90
                                    0x00462c97
                                    0x00462c9d
                                    0x00462ca6
                                    0x00462ca9
                                    0x00462cb2
                                    0x00462cb4
                                    0x00462cb9
                                    0x00462cbf
                                    0x00462cc5
                                    0x00462cc6
                                    0x00462ccc
                                    0x00462cd8
                                    0x00462cd8
                                    0x00462cda
                                    0x00462cdd
                                    0x00462ce0
                                    0x00462ce8
                                    0x00462cea
                                    0x00462cef
                                    0x00462cf1
                                    0x00462cf6
                                    0x00462cfc
                                    0x00462d02
                                    0x00462d03
                                    0x00462d0b
                                    0x00462d0e
                                    0x00462d10
                                    0x00462d10
                                    0x00462d12
                                    0x00462d1a
                                    0x00462d1c
                                    0x00462d23
                                    0x00462d4e
                                    0x00462d25
                                    0x00462d25
                                    0x00462d2a
                                    0x00462d30
                                    0x00462d42
                                    0x00462d42
                                    0x00462d51
                                    0x00462d57
                                    0x00462d5a
                                    0x00462d10
                                    0x00462d5f
                                    0x00462d62
                                    0x00462d65
                                    0x00462d68
                                    0x00462d71
                                    0x00462d71
                                    0x00462d75
                                    0x00462d7b
                                    0x00462d7e

                                    APIs
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 004682FF
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0046832B
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • printf.MSVCRT ref: 00462CE8
                                    • printf.MSVCRT ref: 00462D1A
                                    • printf.MSVCRT ref: 00462D4E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CryptDecodeObject$LoadStringvwprintf
                                    • String ID: $ [%d] %s$ [%d] %s
                                    • API String ID: 1559741091-2298187835
                                    • Opcode ID: 11a684b93c41c1bebedaf1c99c3c160cad6b6da6ae55be9ca03f6ccf27d2ccc0
                                    • Instruction ID: 928f42e77b739314620d9fc54579ced239c8ffcb82bfea08ed701d0d3290084e
                                    • Opcode Fuzzy Hash: 11a684b93c41c1bebedaf1c99c3c160cad6b6da6ae55be9ca03f6ccf27d2ccc0
                                    • Instruction Fuzzy Hash: 8B31CF36500A05FBDB105F41DE42A9E7BB1FF04320F24451BFD14272A0E7B9A9A08B9B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004621ED, Relevance: 10.6, APIs: 7, Instructions: 88encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00462223
                                    • realloc.MSVCRT ref: 0046223E
                                    • CertDuplicateCRLContext.CRYPT32(?), ref: 0046224F
                                    • CertEnumCTLsInStore.CRYPT32(?,?), ref: 0046226A
                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 0046228C
                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 004622AE
                                    • free.MSVCRT(?), ref: 004622BC
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Context$EnumFreeStore$Duplicatefreerealloc
                                    • String ID:
                                    • API String ID: 2405492650-0
                                    • Opcode ID: 620a31caaa5d28f953768d9c5a46fcebc9fd0b47100f25116a4044560a0ac97f
                                    • Instruction ID: ea5fb3381bfc4f2f5e532c4652954543525a03df86c4f74bae274bb04d67f3eb
                                    • Opcode Fuzzy Hash: 620a31caaa5d28f953768d9c5a46fcebc9fd0b47100f25116a4044560a0ac97f
                                    • Instruction Fuzzy Hash: D131FF75500604FFCB21CF59DA54A9EBBF1FF84311F2484AAE84497260E3B59E81DF1A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00463155, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 72COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 71%
                                    			E00463155(void* __ebx, void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _t8;
				intOrPtr _t10;
				int _t11;
				char* _t22;
				void* _t32;
				intOrPtr* _t36;

				_t8 = E004682C8(__ecx, 0x1a, _a8, _a12, 0);
				_t36 = _t8;
				if(_t36 != 0) {
					E00468F8E( *0x46a7f8, _a4, _t32);
					_t10 =  *_t36;
					if(_t10 != 1) {
						if(_t10 == 0) {
							_push(0x1bc1);
							_push( *0x46a7f8);
							_t11 = E00468F8E();
							L8:
							L9:
							return E00468F35(_t11, _t36);
						}
						_t22 = "\n";
						printf(_t22);
						E004628A5(L"    ",  *(_t36 + 4),  *_t36);
						E00468F8E( *0x46a7f8, 0x1b73,  *((intOrPtr*)(_t36 + 8)));
						_t11 = printf(_t22);
						goto L9;
					}
					_push( *( *(_t36 + 4)) & 0x000000ff);
					printf(" %02X");
					_t19 =  *((intOrPtr*)(_t36 + 8));
					if( *((intOrPtr*)(_t36 + 8)) != 0) {
						E00468F8E( *0x46a7f8, 0x1b73, _t19);
					}
					_t11 = printf("\n");
					goto L8;
				}
				return _t8;
			}









                                    0x00463165
                                    0x0046316a
                                    0x0046316e
                                    0x0046317e
                                    0x00463183
                                    0x0046318a
                                    0x004631c8
                                    0x00463205
                                    0x0046320a
                                    0x00463210
                                    0x00463216
                                    0x00463217
                                    0x00000000
                                    0x0046321d
                                    0x004631d1
                                    0x004631d7
                                    0x004631e4
                                    0x004631f7
                                    0x004631fd
                                    0x00000000
                                    0x00463202
                                    0x00463198
                                    0x0046319e
                                    0x004631a0
                                    0x004631a7
                                    0x004631b5
                                    0x004631ba
                                    0x004631c2
                                    0x00000000
                                    0x004631c2
                                    0x00463220

                                    APIs
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 004682FF
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0046832B
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • printf.MSVCRT ref: 0046319E
                                    • printf.MSVCRT ref: 004631C2
                                    • printf.MSVCRT ref: 004631D7
                                    • printf.MSVCRT ref: 004631FD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CryptDecodeObject$LoadStringvwprintf
                                    • String ID: $ %02X
                                    • API String ID: 1559741091-2119626176
                                    • Opcode ID: e06e3fc280e54c3d64050778e11f57e9b2555b3e5b0f3e58c4d6ae8e1eb19bfe
                                    • Instruction ID: 40d00ff5b4861d0b692f6c445b3715771fb9e182ab691b5145775499fc82b9bc
                                    • Opcode Fuzzy Hash: e06e3fc280e54c3d64050778e11f57e9b2555b3e5b0f3e58c4d6ae8e1eb19bfe
                                    • Instruction Fuzzy Hash: A9113832204644BBD7102F52EC02DAA3BB6EF44711B29042FFA00561B1FF69D9609B5F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0046297C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E0046297C(intOrPtr _a4, signed char* _a8, signed char* _a12) {
				signed char* _t13;
				signed char* _t21;

				E00468F8E( *0x46a7f8, 0x1b9c, _a4);
				_t13 = _a12;
				if(_t13 != 0) {
					if(__eflags > 0) {
						do {
							_t21 = 4;
							__eflags = _t13 - _t21;
							if(_t13 <= _t21) {
								_t21 = _t13;
							}
							_t13 = _t13 - _t21;
							while(1) {
								__eflags = _t21;
								if(_t21 <= 0) {
									goto L9;
								}
								_push( *_a8 & 0x000000ff);
								printf("%02X");
								_t21 = _t21 - 1;
								_t4 =  &_a8;
								 *_t4 =  &(_a8[1]);
								__eflags =  *_t4;
							}
							L9:
							printf(" ");
							__eflags = _t13;
						} while (_t13 > 0);
					}
				} else {
					_push("<NULL>");
					printf("%s");
				}
				return printf("\n");
			}





                                    0x00462991
                                    0x00462996
                                    0x004629a4
                                    0x004629b6
                                    0x004629b9
                                    0x004629bb
                                    0x004629bc
                                    0x004629be
                                    0x004629c0
                                    0x004629c0
                                    0x004629c2
                                    0x004629da
                                    0x004629da
                                    0x004629dc
                                    0x00000000
                                    0x00000000
                                    0x004629cc
                                    0x004629d2
                                    0x004629d5
                                    0x004629d6
                                    0x004629d6
                                    0x004629d6
                                    0x004629d9
                                    0x004629de
                                    0x004629e3
                                    0x004629e6
                                    0x004629e6
                                    0x004629ea
                                    0x004629a6
                                    0x004629a6
                                    0x004629b0
                                    0x004629b3
                                    0x004629f6

                                    APIs
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • printf.MSVCRT ref: 004629B0
                                    • printf.MSVCRT ref: 004629E3
                                    • printf.MSVCRT ref: 004629F0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$LoadStringvwprintf
                                    • String ID: %02X$<NULL>
                                    • API String ID: 3594943052-3318528641
                                    • Opcode ID: 11236bfd1bf1f8aba3bb027874504ba5b89afe3b97b9ac2a5af1cd74abd02a47
                                    • Instruction ID: 5570eecedd2981ca3e6df6fb1b1a8ad78ed74655c3faafce98f361bc6c94a0ad
                                    • Opcode Fuzzy Hash: 11236bfd1bf1f8aba3bb027874504ba5b89afe3b97b9ac2a5af1cd74abd02a47
                                    • Instruction Fuzzy Hash: E80149B2700B49BAA6106A81AD42E6B7B24EBD07F1F380037FE0445690F9F55851866F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0046900B, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 53%
                                    			E0046900B(struct HINSTANCE__* _a4, int _a8, int _a12, int _a16, int _a20) {

				LoadStringW(_a4, _a8, "CertMgr Succeeded",  *0x46a390);
				LoadStringW(_a4, _a12, 0x46b4d8,  *0x46a390);
				LoadStringW(_a4, _a16, 0x46b0d8,  *0x46a390);
				LoadStringW(_a4, _a20, 0x46bcd8,  *0x46a390);
				_push(0x46bcd8);
				_push(0x46b0d8);
				_push(0x46b4d8);
				return wprintf("CertMgr Succeeded");
			}



                                    0x0046902a
                                    0x0046903d
                                    0x00469051
                                    0x00469065
                                    0x00469067
                                    0x00469068
                                    0x00469069
                                    0x0046907f

                                    APIs
                                    • LoadStringW.USER32(0000177F,0000177E,CertMgr Succeeded,?), ref: 0046902A
                                    • LoadStringW.USER32(0000177F,0000177D,0046B4D8), ref: 0046903D
                                    • LoadStringW.USER32(0000177F,00461936,0046B0D8), ref: 00469051
                                    • LoadStringW.USER32(0000177F,?,0046BCD8), ref: 00469065
                                    • wprintf.MSVCRT ref: 00469073
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString$wprintf
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 698749725-2974366063
                                    • Opcode ID: b8a659e9a0412a31f8bd79bfc434ad07510598c16eddf5d86eea5b258bdb9069
                                    • Instruction ID: 5a8fca9512b0d619246599b48c760aa6341b5dfd3d791533ba9e56d44bc58fd8
                                    • Opcode Fuzzy Hash: b8a659e9a0412a31f8bd79bfc434ad07510598c16eddf5d86eea5b258bdb9069
                                    • Instruction Fuzzy Hash: C5F04F32540108BBCF126F41DC05C9B3F2AEB957A47044027FA0821530E77249B1EFEB
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004626A9, Relevance: 9.1, APIs: 6, Instructions: 138COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E004626A9(signed short* _a4, signed int* _a8, intOrPtr* _a12) {
				intOrPtr* _t21;
				intOrPtr* _t22;
				signed int _t28;
				char _t42;
				signed int _t45;
				signed char _t56;
				signed int* _t59;
				void* _t60;
				void* _t61;
				signed int* _t65;
				void* _t66;
				intOrPtr _t72;
				long _t73;
				long _t75;
				signed int _t77;
				signed short* _t80;
				void* _t81;

				if(_a4 == 0) {
					L27:
					return 0x80070057;
				}
				_t59 = _a8;
				if(_t59 == 0) {
					goto L27;
				}
				_t21 = _a12;
				if(_t21 == 0) {
					goto L27;
				}
				 *_t59 = 0;
				 *_t21 = 0;
				_t22 = _a4;
				_t60 = _t22 + 2;
				do {
					_t72 =  *_t22;
					_t22 = _t22 + 2;
				} while (_t72 != 0);
				if(_t22 - _t60 >> 1 == 0x28) {
					_t77 = E00469241(0x14, 0, 0);
					 *_t59 = _t77;
					if(_t77 == 0) {
						goto L27;
					}
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_a8 = 0;
					_t80 = _a4;
					do {
						_t73 =  *_t80 & 0x0000ffff;
						_t28 = _t73 & 0x0000ffff;
						_t8 = _t28 - 0x30; // -48
						_t61 = _t8;
						if(_t61 > 9 || _t61 < 0) {
							if((towupper(_t73) & 0x0000ffff) - 0x41 < 0 || (towupper( *_t80 & 0x0000ffff) & 0x0000ffff) - 0x41 > 5) {
								goto L24;
							} else {
								_t42 = (towupper( *_t80 & 0x0000ffff) & 0x0000ffff) - 0x37;
								goto L15;
							}
						} else {
							_t42 = _t28 + 0xffffffd0;
							L15:
							_t65 = _a8;
							 *((char*)(_t65 +  *_t59)) = _t42;
							 *( *_t59 + _t65) =  *( *_t59 + _t65) << 4;
							_t75 = _t80[1] & 0x0000ffff;
							_t45 = _t75 & 0x0000ffff;
							_t66 = _t45 - 0x30;
							if(_t66 > 9 || _t66 < 0) {
								if((towupper(_t75) & 0x0000ffff) - 0x41 < 0 || (towupper(_t80[1] & 0x0000ffff) & 0x0000ffff) - 0x41 > 5) {
									L24:
									_t32 =  *_t59;
									_t81 = 0x80070057;
									if( *_t59 != 0) {
										E00468F35(_t32, _t32);
									}
									 *_t59 =  *_t59 & 0x00000000;
									L23:
									return _t81;
								} else {
									_t56 = (towupper(_t80[1] & 0x0000ffff) & 0x0000ffff) - 0x37;
									goto L21;
								}
							} else {
								_t56 = _t45 + 0xffffffd0;
								goto L21;
							}
						}
						L21:
						 *(_a8 +  *_t59) =  *(_a8 +  *_t59) | _t56;
						_a8 =  &(_a8[0]);
						_t80 =  &(_t80[2]);
					} while (_a8 < 0x14);
					_t81 = 0;
					 *_a12 = 0x14;
					goto L23;
				}
				return 0x80004005;
			}




















                                    0x004626b6
                                    0x004627fd
                                    0x00000000
                                    0x004627fd
                                    0x004626bc
                                    0x004626c1
                                    0x00000000
                                    0x00000000
                                    0x004626c7
                                    0x004626cc
                                    0x00000000
                                    0x00000000
                                    0x004626d2
                                    0x004626d4
                                    0x004626d6
                                    0x004626d9
                                    0x004626dc
                                    0x004626dc
                                    0x004626e0
                                    0x004626e1
                                    0x004626ed
                                    0x00462702
                                    0x00462704
                                    0x00462708
                                    0x00000000
                                    0x00000000
                                    0x00462710
                                    0x00462711
                                    0x00462712
                                    0x00462713
                                    0x00462714
                                    0x0046271b
                                    0x0046271e
                                    0x00462721
                                    0x00462721
                                    0x00462724
                                    0x00462727
                                    0x00462727
                                    0x0046272d
                                    0x00462742
                                    0x00000000
                                    0x0046275e
                                    0x00462768
                                    0x00000000
                                    0x00462768
                                    0x00462733
                                    0x00462733
                                    0x0046276b
                                    0x0046276d
                                    0x00462770
                                    0x00462777
                                    0x0046277a
                                    0x0046277e
                                    0x00462781
                                    0x00462787
                                    0x0046279c
                                    0x004627e7
                                    0x004627e7
                                    0x004627e9
                                    0x004627f0
                                    0x004627f3
                                    0x004627f3
                                    0x004627f8
                                    0x004627e3
                                    0x00000000
                                    0x004627b1
                                    0x004627bc
                                    0x00000000
                                    0x004627bc
                                    0x0046278d
                                    0x0046278d
                                    0x00000000
                                    0x0046278d
                                    0x00462787
                                    0x004627bf
                                    0x004627c6
                                    0x004627c8
                                    0x004627cb
                                    0x004627ce
                                    0x004627db
                                    0x004627dd
                                    0x00000000
                                    0x004627dd
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: towupper$malloc
                                    • String ID:
                                    • API String ID: 655879201-0
                                    • Opcode ID: 291e2bbb816bc1b2a1fd31dc2a87a5758cb49d5a307996031c13b73e63ad440a
                                    • Instruction ID: b8a414d6b17e44f29c9da700235b67a14e930e17e1461c2a219ce43b6867de36
                                    • Opcode Fuzzy Hash: 291e2bbb816bc1b2a1fd31dc2a87a5758cb49d5a307996031c13b73e63ad440a
                                    • Instruction Fuzzy Hash: 804126751006B1ABCB149F29CD80D3A77E8BF55722B14805BF891CF294E2BCD841EB66
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00463E22, Relevance: 9.1, APIs: 6, Instructions: 136timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 52%
                                    			E00463E22(short* __edx, void* __edi, FILETIME* _a4) {
				signed int _v8;
				short _v108;
				short _v208;
				struct _SYSTEMTIME _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				signed int _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				struct _FILETIME _v268;
				void* __ebx;
				void* __esi;
				signed int _t38;
				WCHAR* _t43;
				WCHAR* _t65;
				WCHAR* _t69;
				signed int _t72;
				short _t80;
				short _t82;
				void* _t85;
				short* _t87;
				void* _t88;
				signed int _t91;

				_t88 = __edi;
				_t87 = __edx;
				_t38 =  *0x46a078; // 0x4cbb1deb
				_v8 = _t38 ^ _t91;
				_t90 = _a4;
				 *0x46a870 = 0;
				if(_t90->dwLowDateTime != 0 || _t90->dwHighDateTime != 0) {
					_push(_t88);
					if(LoadStringW( *0x46a7f8, 0x1b9d,  &_v208, 0x32) == 0 || LoadStringW( *0x46a7f8, 0x1b9e,  &_v108, 0x32) == 0) {
						_t43 = 0x46a870;
					} else {
						FileTimeToLocalFileTime(_t90,  &_v268);
						if(FileTimeToSystemTime( &_v268,  &_v224) == 0) {
							_push(_t90->dwLowDateTime);
							_t90 = 0x46a870;
							E0046341A(0x46a870, 0x64,  &_v208,  *0x0046A874);
						} else {
							_v260 = _v224.wSecond & 0x0000ffff;
							_v256 = _v224.wMinute & 0x0000ffff;
							_v252 = _v224.wHour & 0x0000ffff;
							_v248 = _v224.wDay & 0x0000ffff;
							_v244 = (_v224.wMonth & 0x0000ffff) - 1;
							_v240 = (_v224.wYear & 0x0000ffff) - 0x76c;
							_v236 = _v224.wDayOfWeek & 0x0000ffff;
							_v232 = 0;
							_v228 = 0;
							__imp___wasctime( &_v260);
							_t90 = 0x46a870;
							E00463386(0x46a870, 0x64,  &_v260);
							_t65 = 0x46a870;
							_t26 =  &(_t65[1]); // 0x46a872
							_t87 = _t26;
							do {
								_t80 =  *_t65;
								_t65 =  &(_t65[1]);
							} while (_t80 != 0);
							 *((short*)(0x46a86e + (_t65 - _t87 >> 1) * 2)) = 0;
							if(_v224.wMilliseconds != 0) {
								_t69 = 0x46a870;
								_t30 =  &(_t69[1]); // 0x46a872
								_t87 = _t30;
								do {
									_t82 =  *_t69;
									_t69 =  &(_t69[1]);
								} while (_t82 != 0);
								_push(_v224.wMilliseconds & 0x0000ffff);
								_push( &_v108);
								_t72 = _t69 - _t87 >> 1;
								_t85 = 0x64;
								_push(_t85 - _t72);
								_push( &(0x46a870[_t72]));
								E0046341A();
							}
						}
						_t43 = _t90;
					}
					_pop(_t88);
				} else {
					_t90 = 0x46a870;
					LoadStringW( *0x46a7f8, 0x1c0c, 0x46a870, 0x64);
					_t43 = 0x46a870;
				}
				return E004686C7(_t43, 0, _v8 ^ _t91, _t87, _t88, _t90);
			}






























                                    0x00463e22
                                    0x00463e22
                                    0x00463e2d
                                    0x00463e34
                                    0x00463e3b
                                    0x00463e40
                                    0x00463e48
                                    0x00463e6f
                                    0x00463e8e
                                    0x00463fdf
                                    0x00463eaf
                                    0x00463eb7
                                    0x00463ed3
                                    0x00463fbf
                                    0x00463fca
                                    0x00463fd3
                                    0x00463ed9
                                    0x00463ee0
                                    0x00463eed
                                    0x00463efa
                                    0x00463f07
                                    0x00463f15
                                    0x00463f27
                                    0x00463f34
                                    0x00463f41
                                    0x00463f47
                                    0x00463f4d
                                    0x00463f57
                                    0x00463f5d
                                    0x00463f62
                                    0x00463f64
                                    0x00463f64
                                    0x00463f67
                                    0x00463f67
                                    0x00463f6b
                                    0x00463f6c
                                    0x00463f77
                                    0x00463f86
                                    0x00463f88
                                    0x00463f8a
                                    0x00463f8a
                                    0x00463f8d
                                    0x00463f8d
                                    0x00463f91
                                    0x00463f92
                                    0x00463f9e
                                    0x00463fa2
                                    0x00463fa7
                                    0x00463fa9
                                    0x00463fac
                                    0x00463fb4
                                    0x00463fb5
                                    0x00463fba
                                    0x00463f86
                                    0x00463fdb
                                    0x00463fdb
                                    0x00463fe4
                                    0x00463e4f
                                    0x00463e51
                                    0x00463e62
                                    0x00463e68
                                    0x00463e68
                                    0x00463ff2

                                    APIs
                                    • LoadStringW.USER32(00001C0C,0046A870,00000064), ref: 00463E62
                                    • LoadStringW.USER32(00001B9D,?,00000032), ref: 00463E8A
                                    • LoadStringW.USER32(00001B9E,?,00000032), ref: 00463EA5
                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00463EB7
                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00463ECB
                                    • _wasctime.MSVCRT ref: 00463F4D
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Time$FileLoadString$LocalSystem_wasctime
                                    • String ID:
                                    • API String ID: 3399651677-0
                                    • Opcode ID: 21d9f8bc9b17a65944462e60757f500bcf29c8257587f4465d3d7192b16da2c1
                                    • Instruction ID: 48766401777444f0f4cd0626ab3364f3ff006309c380f1f05e23badf24fc1e83
                                    • Opcode Fuzzy Hash: 21d9f8bc9b17a65944462e60757f500bcf29c8257587f4465d3d7192b16da2c1
                                    • Instruction Fuzzy Hash: D45171719002699ADB249F65CC04FFAB7B8EB08701F0044BBE549E7250F7759E85CF6A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00462100, Relevance: 9.1, APIs: 6, Instructions: 89encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • realloc.MSVCRT ref: 0046214C
                                    • CertDuplicateCRLContext.CRYPT32(?), ref: 0046215D
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 0046217C
                                    • CertFreeCRLContext.CRYPT32(?), ref: 004621A1
                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 004621C2
                                    • free.MSVCRT(?), ref: 004621D0
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Context$Free$DuplicateFromStorefreerealloc
                                    • String ID:
                                    • API String ID: 420543247-0
                                    • Opcode ID: 0c5542a2610ac3c0d8976b875127cbc3d9db5cc84a1887940274588353d7bb2d
                                    • Instruction ID: 555bbe2df5d491357c29a572c13147d13524f9e636591d590241cd6273481265
                                    • Opcode Fuzzy Hash: 0c5542a2610ac3c0d8976b875127cbc3d9db5cc84a1887940274588353d7bb2d
                                    • Instruction Fuzzy Hash: 46316976908249FFCB218F94C9808DEBBF5FB06350B24847EEA9197220E7B49E41DF05
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004640DE, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 121COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 004682FF
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0046832B
                                    • printf.MSVCRT ref: 0046412D
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObject$LoadStringprintfvwprintf
                                    • String ID: $%s (%S)$($<NULL>
                                    • API String ID: 3576710509-3389890325
                                    • Opcode ID: 704fbba6491fd678ed3e35f6a8535ca5a1eca90c680d4ec4630221eece638d48
                                    • Instruction ID: f0d2edc178ecae5799292ccc4f23246da9f9f0d590bd8c53bcca971070653708
                                    • Opcode Fuzzy Hash: 704fbba6491fd678ed3e35f6a8535ca5a1eca90c680d4ec4630221eece638d48
                                    • Instruction Fuzzy Hash: 1731FA72104704BEEB252B52DC46DAB37BAEF44755F10422FF200250A1FFB9A9919B2F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00463FFA, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCertificateContextProperties.CRYPT32(?,00000000), ref: 00464008
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000000,00000000,?), ref: 0046404B
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000000,00000000,?), ref: 0046406B
                                    • CertEnumCertificateContextProperties.CRYPT32(?,00000000), ref: 004640C0
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertCertificateContext$EnumPropertiesProperty$LoadStringvwprintf
                                    • String ID:
                                    • API String ID: 1334782540-399585960
                                    • Opcode ID: 70b356da458449dd1b47ae3e4eb3d6fd5c24f5249f57b5d19f4949ab6765f322
                                    • Instruction ID: ac4f5af9f6181094bfedaa15ef4bba82d2e7ebe5e2f7da2a70e55d03dcf3c34e
                                    • Opcode Fuzzy Hash: 70b356da458449dd1b47ae3e4eb3d6fd5c24f5249f57b5d19f4949ab6765f322
                                    • Instruction Fuzzy Hash: 66219672900128FE9F207B96DC85CAF7AAEEF40394715013FF60462161FA768E90966B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00462F08, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 82COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 39%
                                    			E00462F08(void* __ecx, void* __esi, intOrPtr* _a4, char _a8) {
				void* __ebx;
				intOrPtr* _t19;
				char* _t28;
				intOrPtr _t30;
				intOrPtr* _t38;
				intOrPtr* _t40;
				void* _t42;

				_t30 = 0;
				_t19 = E004682C8(__ecx, 0xb, _a4, _a8, 0);
				_t38 = _t19;
				if(_t38 != 0) {
					_push(0x1beb);
					_push( *0x46a7f8);
					_t20 = E00468F8E();
					if( *_t38 == 0) {
						L11:
						if( *((intOrPtr*)(_t38 + 8)) != 0) {
							_push(0x1bed);
							_push( *0x46a7f8);
							_a8 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 0xc))));
							E00468F8E();
							_t20 = E00462E33(_t30, _a8);
						}
						return E00468F35(_t20, _t38);
					}
					_t20 = E00468F8E( *0x46a7f8, 0x1bec, __esi);
					_t40 =  *((intOrPtr*)(_t38 + 4));
					_a8 = 0;
					if( *_t38 <= 0) {
						L10:
						goto L11;
					} else {
						goto L3;
					}
					do {
						L3:
						_t30 = 0;
						if( *_t40 == 0) {
							_push("<NULL>");
							_push(_a8);
							printf("     [%d,*] %s\n");
							_t42 = _t42 + 0xc;
						}
						_a4 =  *((intOrPtr*)(_t40 + 4));
						if( *_t40 > 0) {
							do {
								_t28 =  *_a4;
								if(_t28 == 0) {
									_t28 = "<NULL>";
								}
								_push(_t28);
								_push(_t30);
								_push(_a8);
								printf("     [%d,%d] %s\n");
								_a4 = _a4 + 4;
								_t42 = _t42 + 0x10;
								_t30 = _t30 + 1;
							} while (_t30 <  *_t40);
						}
						_a8 = _a8 + 1;
						_t20 = _a8;
						_t40 = _t40 + 8;
					} while (_a8 <  *_t38);
					goto L10;
				}
				return _t19;
			}










                                    0x00462f0f
                                    0x00462f1a
                                    0x00462f1f
                                    0x00462f23
                                    0x00462f29
                                    0x00462f2e
                                    0x00462f34
                                    0x00462f3d
                                    0x00462fbb
                                    0x00462fbf
                                    0x00462fc6
                                    0x00462fcb
                                    0x00462fd1
                                    0x00462fd4
                                    0x00462fde
                                    0x00462fde
                                    0x00000000
                                    0x00462fe4
                                    0x00462f4b
                                    0x00462f50
                                    0x00462f55
                                    0x00462f5a
                                    0x00462fba
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00462f5c
                                    0x00462f5c
                                    0x00462f5c
                                    0x00462f60
                                    0x00462f62
                                    0x00462f67
                                    0x00462f6f
                                    0x00462f75
                                    0x00462f75
                                    0x00462f7e
                                    0x00462f81
                                    0x00462f83
                                    0x00462f86
                                    0x00462f8a
                                    0x00462f8c
                                    0x00462f8c
                                    0x00462f91
                                    0x00462f92
                                    0x00462f93
                                    0x00462f9b
                                    0x00462fa1
                                    0x00462fa5
                                    0x00462fa8
                                    0x00462fa9
                                    0x00462f83
                                    0x00462fad
                                    0x00462fb0
                                    0x00462fb3
                                    0x00462fb6
                                    0x00000000
                                    0x00462f5c
                                    0x00462fec

                                    APIs
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 004682FF
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0046832B
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • printf.MSVCRT ref: 00462F6F
                                    • printf.MSVCRT ref: 00462F9B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObjectprintf$LoadStringvwprintf
                                    • String ID: [%d,%d] %s$ [%d,*] %s$<NULL>
                                    • API String ID: 3954790218-3661550745
                                    • Opcode ID: 90d3869b0ba68f36f81fa54b9a5d1a73b99194ec86ce567c27d32e14cfd12014
                                    • Instruction ID: 02bf504477ba202d5b4c1703abc3afd4106ffcced1361a867e4e54fc8fb3004a
                                    • Opcode Fuzzy Hash: 90d3869b0ba68f36f81fa54b9a5d1a73b99194ec86ce567c27d32e14cfd12014
                                    • Instruction Fuzzy Hash: 63212F35208605FFDB045F51DD81D9A7BB1FF00325B24802FF9184A261FBB9A8A0DB5B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00461CD9, Relevance: 7.6, APIs: 5, Instructions: 91encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00461D0D
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,00000000,?), ref: 00461D2F
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,00000000,?), ref: 00461D50
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,?,?), ref: 00461D79
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00461DAB
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Context$FromPropertyStore$Free
                                    • String ID:
                                    • API String ID: 1268920413-0
                                    • Opcode ID: ff8c43fbb199975bdd8f5b2da6afbeada9b4ecdc80078c56f1235a280f422b2f
                                    • Instruction ID: 64b549e2f69a6a930cc8c87dfa494101741057b12148c755f2f6d79cad8ec175
                                    • Opcode Fuzzy Hash: ff8c43fbb199975bdd8f5b2da6afbeada9b4ecdc80078c56f1235a280f422b2f
                                    • Instruction Fuzzy Hash: 06310671D01229FBCF21DF95CD448EEBBB9EF08760F184466E805A2220E774AE41DB96
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00461C45, Relevance: 7.6, APIs: 5, Instructions: 61encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00461C82
                                    • CertSetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000,00000000), ref: 00461C97
                                    • CertSetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000,?), ref: 00461CA6
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00461CB0
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00461CC4
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$CertificateContext$CertificatesEnumPropertyStore$Free
                                    • String ID:
                                    • API String ID: 1316045383-0
                                    • Opcode ID: 6f947e9c496b9ef22e8a616d8203cc1b10469af77b4bca020ba76a3560200b9b
                                    • Instruction ID: 5b5c2ba21b43d1db13fde8e4a4ab5c51e1ee69078a0420c3ecdc858dedcd8718
                                    • Opcode Fuzzy Hash: 6f947e9c496b9ef22e8a616d8203cc1b10469af77b4bca020ba76a3560200b9b
                                    • Instruction Fuzzy Hash: D511C836540205BBDB229B98CC45FAF77B9EBC4740F194026E504E73A0FBB8DE019B59
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00468CA1, Relevance: 7.5, APIs: 5, Instructions: 49timethreadCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00468CA1() {
				struct _FILETIME _v12;
				signed int _v16;
				union _LARGE_INTEGER _v20;
				signed int _t14;
				signed int _t16;
				signed int _t17;
				signed int _t18;
				signed int _t22;
				signed int _t23;
				signed int _t32;

				_t14 =  *0x46a078; // 0x4cbb1deb
				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
				if(_t14 == 0xbb40e64e || (0xffff0000 & _t14) == 0) {
					GetSystemTimeAsFileTime( &_v12);
					_t16 = GetCurrentProcessId();
					_t17 = GetCurrentThreadId();
					_t18 = GetTickCount();
					QueryPerformanceCounter( &_v20);
					_t22 = _v16 ^ _v20.LowPart;
					_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
					if(_t32 == 0xbb40e64e || ( *0x46a078 & 0xffff0000) == 0) {
						_t32 = 0xbb40e64f;
					}
					 *0x46a078 = _t32;
					 *0x46a07c =  !_t32;
					return _t22;
				} else {
					_t23 =  !_t14;
					 *0x46a07c = _t23;
					return _t23;
				}
			}













                                    0x00468ca9
                                    0x00468cae
                                    0x00468cb2
                                    0x00468cc4
                                    0x00468cd8
                                    0x00468ce4
                                    0x00468cec
                                    0x00468cf4
                                    0x00468d00
                                    0x00468d09
                                    0x00468d0c
                                    0x00468d10
                                    0x00468d1a
                                    0x00468d1a
                                    0x00468d1f
                                    0x00468d27
                                    0x00000000
                                    0x00468cca
                                    0x00468cca
                                    0x00468ccc
                                    0x00000000
                                    0x00468ccc

                                    APIs
                                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00468CD8
                                    • GetCurrentProcessId.KERNEL32 ref: 00468CE4
                                    • GetCurrentThreadId.KERNEL32 ref: 00468CEC
                                    • GetTickCount.KERNEL32 ref: 00468CF4
                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00468D00
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                    • String ID:
                                    • API String ID: 1445889803-0
                                    • Opcode ID: 4b2df9cadde69dc21f9c254dda6f71e1fb2e99ee3eaf37f8309828046a90963f
                                    • Instruction ID: fde3917758230b08d6830c71af8b3d81b0421fcd3de1c59eef759bd7b60ae0a3
                                    • Opcode Fuzzy Hash: 4b2df9cadde69dc21f9c254dda6f71e1fb2e99ee3eaf37f8309828046a90963f
                                    • Instruction Fuzzy Hash: EE01A132C006149BCB109FB4E84869BB7B8EF08351F560536E801F7220FAB499848F9A
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004644A1, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 40%
                                    			E004644A1(intOrPtr _a4, signed int _a8) {
				intOrPtr* _v8;
				void* __ecx;
				intOrPtr* _t15;
				int _t16;
				intOrPtr _t21;
				void* _t24;
				intOrPtr* _t33;
				intOrPtr _t35;
				signed int _t36;
				signed int _t37;
				void* _t38;
				intOrPtr* _t39;
				void* _t41;

				_push(_t24);
				_t15 = E004682C8(_t24, 0x2a, _a4, _a8, 0);
				_t33 = _t15;
				_v8 = _t33;
				if(_t33 != 0) {
					_t21 =  *_t33;
					_t39 =  *((intOrPtr*)(_t33 + 4));
					_a4 = _t21;
					_t16 = E00468F8E( *0x46a7f8, 0x1bc0, _t38);
					if(_t21 == 0) {
						_push(0x1bc1);
						_push( *0x46a7f8);
						_t16 = E00468F8E();
					}
					_a8 = _a8 & 0x00000000;
					if(_t21 > 0) {
						do {
							_t35 =  *_t39;
							_push(E00463272(_t16, _t35, 0));
							_push(_t35);
							_t36 = _a8;
							_push(_t36);
							printf("    [%d] %s (%S)");
							_t41 = _t41 + 0x10;
							if( *((intOrPtr*)(_t39 + 4)) == 0) {
								_t16 = printf("\n");
							} else {
								_push(0x1b64);
								_push( *0x46a7f8);
								E00468F8E();
								_t16 = E004628A5(L"      ",  *((intOrPtr*)(_t39 + 8)),  *((intOrPtr*)(_t39 + 4)));
							}
							_t37 = _t36 + 1;
							_t39 = _t39 + 0xc;
							_a8 = _t37;
						} while (_t37 < _a4);
						_t33 = _v8;
					}
					_t15 = E00468F35(_t16, _t33);
				}
				return _t15;
			}
















                                    0x004644a6
                                    0x004644b2
                                    0x004644b7
                                    0x004644b9
                                    0x004644be
                                    0x004644c5
                                    0x004644c8
                                    0x004644d6
                                    0x004644d9
                                    0x004644e2
                                    0x004644e4
                                    0x004644e9
                                    0x004644ef
                                    0x004644f5
                                    0x004644f6
                                    0x004644fc
                                    0x00464504
                                    0x00464504
                                    0x0046450e
                                    0x0046450f
                                    0x00464510
                                    0x00464513
                                    0x00464519
                                    0x0046451b
                                    0x00464522
                                    0x0046454d
                                    0x00464524
                                    0x00464524
                                    0x00464529
                                    0x0046452f
                                    0x00464541
                                    0x00464541
                                    0x00464550
                                    0x00464551
                                    0x00464554
                                    0x00464557
                                    0x0046455c
                                    0x0046455c
                                    0x00464560
                                    0x00464566
                                    0x00464569

                                    APIs
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 004682FF
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0046832B
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • printf.MSVCRT ref: 00464519
                                    • printf.MSVCRT ref: 0046454D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObjectprintf$LoadStringvwprintf
                                    • String ID: $ [%d] %s (%S)
                                    • API String ID: 3954790218-4092857480
                                    • Opcode ID: bfc9fec8576f8ebf735d7b24c7a2456e24ae9812962aaf792468f8fd3cf06396
                                    • Instruction ID: a45b1191e9d69b65ffd8a9c4b59462f7ec677800e7460b1f8eb263a8efb0a4eb
                                    • Opcode Fuzzy Hash: bfc9fec8576f8ebf735d7b24c7a2456e24ae9812962aaf792468f8fd3cf06396
                                    • Instruction Fuzzy Hash: F211C376100300BBDB106F45DC42FAE77B6EB85724F25811FFA1427190FAB9A9418B5B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00468FC0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 68%
                                    			E00468FC0(struct HINSTANCE__* _a4, int _a8, int _a12) {

				LoadStringW(_a4, _a8, 0x46acd8,  *0x46a390);
				LoadStringW(_a4, _a12, 0x46b4d8,  *0x46a390);
				_push(0x46b4d8);
				return wprintf(0x46acd8);
			}



                                    0x00468fe0
                                    0x00468ff4
                                    0x00468ff6
                                    0x00469003

                                    APIs
                                    • LoadStringW.USER32(00001BB1,0046585D,CertMgr Succeeded,-00001BAE), ref: 00468FE0
                                    • LoadStringW.USER32(00001BB1,?,0046B4D8), ref: 00468FF4
                                    • wprintf.MSVCRT ref: 00468FF8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString$wprintf
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 698749725-2974366063
                                    • Opcode ID: 68121979d93140d8fff218a5b5cf7bd3c6a9b962a775661f6c77398204a892bb
                                    • Instruction ID: a97e619bb24618d35ec73850de9146ecb71e5b7335c9f567e2a81447acaf3f52
                                    • Opcode Fuzzy Hash: 68121979d93140d8fff218a5b5cf7bd3c6a9b962a775661f6c77398204a892bb
                                    • Instruction Fuzzy Hash: 46E012771042587B9B115F42EC44C5B3F2DE7C6374714802BF91812631AA725C71EBAA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00462A90, Relevance: 6.1, APIs: 4, Instructions: 77encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 43%
                                    			E00462A90(void* __ebx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				void* __ecx;
				intOrPtr* _t9;
				intOrPtr _t18;
				void* _t22;
				void* _t24;
				intOrPtr* _t33;
				intOrPtr _t34;
				intOrPtr* _t36;

				_push(_t24);
				_v8 = 0;
				_t9 = E004682C8(_t24, 6, _a4, _a8, 0);
				_t36 = _t9;
				if(_t36 == 0) {
					L9:
					return _t9;
				}
				E00468F8E( *0x46a7f8, 0x1bc4, __ebx);
				_t33 = __imp__CertRDNValueToStrW;
				_t4 = _t36 + 4; // 0x4
				_t22 =  *_t33( *_t36, _t4, 0, 0);
				if(_t22 > 1) {
					_t18 = E00469241(_t22 + _t22, 0, 0);
					_v8 = _t18;
					if(_t18 != 0) {
						_t7 = _t36 + 4; // 0x4
						 *_t33( *_t36, _t7, _t18, _t22);
					}
				}
				E00468F8E( *0x46a7f8, 0x1bc5,  *_t36);
				_t34 = _v8;
				if(_t34 == 0) {
					_push(0x1b58);
					_push( *0x46a7f8);
					E00468F8E();
				} else {
					_push(_t34);
					wprintf(L"%s");
				}
				_t9 = E00468F35(printf("\n"), _t36);
				if(_t34 != 0) {
					_t9 = E00468F35(_t9, _t34);
				}
				goto L9;
			}












                                    0x00462a95
                                    0x00462a9e
                                    0x00462aa6
                                    0x00462aab
                                    0x00462aaf
                                    0x00462b56
                                    0x00462b59
                                    0x00462b59
                                    0x00462ac1
                                    0x00462aca
                                    0x00462ad0
                                    0x00462ad8
                                    0x00462add
                                    0x00462ae7
                                    0x00462aec
                                    0x00462af1
                                    0x00462af5
                                    0x00462afb
                                    0x00462afb
                                    0x00462af1
                                    0x00462b0a
                                    0x00462b0f
                                    0x00462b18
                                    0x00462b28
                                    0x00462b2d
                                    0x00462b33
                                    0x00462b1a
                                    0x00462b1a
                                    0x00462b20
                                    0x00462b20
                                    0x00462b47
                                    0x00462b4e
                                    0x00462b51
                                    0x00462b51
                                    0x00000000

                                    APIs
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 004682FF
                                      • Part of subcall function 004682C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0046832B
                                      • Part of subcall function 00468F8E: LoadStringW.USER32(?,00461A8A,CertMgr Succeeded,00000000), ref: 00468FA6
                                      • Part of subcall function 00468F8E: vwprintf.MSVCRT ref: 00468FB1
                                    • CertRDNValueToStrW.CRYPT32(00000000,00000004,00000000,00000000), ref: 00462AD6
                                    • CertRDNValueToStrW.CRYPT32(00000000,00000004,00000000,00000000), ref: 00462AFB
                                    • wprintf.MSVCRT ref: 00462B20
                                    • printf.MSVCRT ref: 00462B3F
                                      • Part of subcall function 00469241: malloc.MSVCRT ref: 0046924A
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertCryptDecodeObjectValue$LoadStringmallocprintfvwprintfwprintf
                                    • String ID:
                                    • API String ID: 626385143-0
                                    • Opcode ID: dfa69fb71825a1e2b245ee2c21001915401f5842222c76384879780cf79582fb
                                    • Instruction ID: 7cc52094d14cdc72283692e86cd8eccaf894e6af096e30491fc1e1d098feb498
                                    • Opcode Fuzzy Hash: dfa69fb71825a1e2b245ee2c21001915401f5842222c76384879780cf79582fb
                                    • Instruction Fuzzy Hash: 6011E431100A05BAE7216F52DD06E9F7BBEEBC0B50B24012FF500A6160FEF5AD50DA6B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00469192, Relevance: 6.1, APIs: 4, Instructions: 62fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 62%
                                    			E00469192(void* __eax, void* __ecx, intOrPtr _a4, void* _a8, long _a12) {
				long _v8;
				signed int _t12;
				signed int _t16;
				signed int _t18;
				void* _t22;
				signed int _t30;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0) {
					_t12 = 0x80070057;
				} else {
					_push(0);
					_push(0);
					_push(2);
					_push(0);
					_push(0);
					_push(0x40000000);
					_push(_a4);
					E00469349();
					_t22 = __eax;
					if(__eax != 0xffffffff) {
						if(WriteFile(__eax, _a8, _a12,  &_v8, 0) != 0) {
							asm("sbb esi, esi");
							_t30 =  ~(_v8 - _a12) & 0x80004005;
						} else {
							_t16 = GetLastError();
							if(_t16 > 0) {
								_t16 = _t16 & 0x0000ffff | 0x80070000;
							}
							_t30 = _t16;
						}
						CloseHandle(_t22);
					} else {
						_t18 = GetLastError();
						if(_t18 > 0) {
							_t18 = _t18 & 0x0000ffff | 0x80070000;
						}
						_t30 = _t18;
					}
					_t12 = _t30;
				}
				return _t12;
			}









                                    0x0046919b
                                    0x004691a1
                                    0x00469232
                                    0x004691b5
                                    0x004691b6
                                    0x004691b7
                                    0x004691b8
                                    0x004691ba
                                    0x004691bb
                                    0x004691bc
                                    0x004691c1
                                    0x004691c4
                                    0x004691c9
                                    0x004691ce
                                    0x004691fc
                                    0x0046921e
                                    0x00469220
                                    0x004691fe
                                    0x004691fe
                                    0x00469206
                                    0x0046920d
                                    0x0046920d
                                    0x00469212
                                    0x00469212
                                    0x00469227
                                    0x004691d0
                                    0x004691d0
                                    0x004691d8
                                    0x004691df
                                    0x004691df
                                    0x004691e4
                                    0x004691e4
                                    0x0046922d
                                    0x0046922f
                                    0x00469239

                                    APIs
                                    • GetLastError.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00000001,00000000,?,00467811,00000000,00000000), ref: 004691D0
                                    • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00000001,00000000), ref: 004691F4
                                    • GetLastError.KERNEL32(?,00467811,00000000,00000000), ref: 004691FE
                                    • CloseHandle.KERNEL32(00000000,?,00467811,00000000,00000000), ref: 00469227
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CloseFileHandleWrite
                                    • String ID:
                                    • API String ID: 2639859636-0
                                    • Opcode ID: 6eb85a3f1f5f87d4c222451d45b2e7a59cc123910c309e0b281723406ee0ef6a
                                    • Instruction ID: 38cc3e9fad9b7e9852bf11daa0e0ec3f13dd83137649c20b0b0d6c345b87e0bb
                                    • Opcode Fuzzy Hash: 6eb85a3f1f5f87d4c222451d45b2e7a59cc123910c309e0b281723406ee0ef6a
                                    • Instruction Fuzzy Hash: 3F11E372940125FBCB204E559C08AEF3B2CEF46BA0F244966F915D6150F2BC8D01D7DB
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00464FD3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf
                                    • String ID: $%s
                                    • API String ID: 3524737521-1620431320
                                    • Opcode ID: 09bae8b77290ce3461bd6cd52c5bc3543c43844f15bee1d66aab1a7f25bc4f50
                                    • Instruction ID: 2310c4a18d5aa74be98c87ba416ee6ddeb359e338d80faf032c185208f2424e0
                                    • Opcode Fuzzy Hash: 09bae8b77290ce3461bd6cd52c5bc3543c43844f15bee1d66aab1a7f25bc4f50
                                    • Instruction Fuzzy Hash: EF11B631548B04FFEB252B41DD02C6577B2EB04715B10402FF356290F1FBAA9562AB4F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004650E4, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: wprintf
                                    • String ID: $%s
                                    • API String ID: 3614878089-1620431320
                                    • Opcode ID: 666f24d77a46b369091fbe4af0c0c455484f08e1c37ca44c2fa6bc3e2d4fac56
                                    • Instruction ID: b9f19a01d2719c1d9db5b637a0d75a3ada5c4178597984c54dd24957a7d2b6a2
                                    • Opcode Fuzzy Hash: 666f24d77a46b369091fbe4af0c0c455484f08e1c37ca44c2fa6bc3e2d4fac56
                                    • Instruction Fuzzy Hash: B201A272600B04FADB245B41ED02EE777A6EB05750F18001FF202525A0FFA9A950D76F
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 004652CB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 89%
                                    			E004652CB(intOrPtr* _a4, intOrPtr _a8) {
				void* __edi;
				intOrPtr* _t4;
				void* _t6;
				intOrPtr _t9;
				intOrPtr _t10;

				_t4 = _a4;
				_t10 =  *((intOrPtr*)(_t4 + 4));
				_t9 =  *_t4;
				_t6 = 0;
				if(_t9 > 0) {
					do {
						_push(_t6);
						wprintf(L"    [%d] ");
						_t4 = E00464FD3(_t9, _t10, _a8);
						_t6 = _t6 + 1;
						_t10 = _t10 + 0xc;
					} while (_t6 < _t9);
				}
				return _t4;
			}








                                    0x004652d0
                                    0x004652d5
                                    0x004652d9
                                    0x004652db
                                    0x004652df
                                    0x004652e1
                                    0x004652e1
                                    0x004652e7
                                    0x004652f3
                                    0x004652f8
                                    0x004652f9
                                    0x004652fc
                                    0x004652e1
                                    0x00465304

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: wprintf
                                    • String ID: [%d] $1.3.6.1.4.1.311.10.2
                                    • API String ID: 3614878089-3478931004
                                    • Opcode ID: 81f9fbf7508a89ad1da468e6af939cca0c603961318873e3898f7a05feba1765
                                    • Instruction ID: 0c1315798181724f217ec741f911a405455791b18e15dcfc8a0fca6222d2654e
                                    • Opcode Fuzzy Hash: 81f9fbf7508a89ad1da468e6af939cca0c603961318873e3898f7a05feba1765
                                    • Instruction Fuzzy Hash: 89E04F371006146F56005BC9AC85CDBB75DEAC976072A4067FA1957210AAB6BC4147AA
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00468F52, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 64%
                                    			E00468F52(struct HINSTANCE__* _a4, intOrPtr _a8, int _a12) {
				signed int _t4;

				_t4 = LoadStringW(_a4, _a12, 0x46acd8,  *0x46a390);
				if(_t4 != 0) {
					_push(0x46acd8);
					_push(_a8);
					L00469332();
					return _t4;
				}
				return _t4 | 0xffffffff;
			}




                                    0x00468f6a
                                    0x00468f72
                                    0x00468f79
                                    0x00468f7a
                                    0x00468f7d
                                    0x00000000
                                    0x00468f83
                                    0x00000000

                                    APIs
                                    • LoadStringW.USER32(?,?,CertMgr Succeeded,?), ref: 00468F6A
                                    • _wcsicmp.MSVCRT ref: 00468F7D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000007.00000002.695335884.0000000000461000.00000020.00020000.sdmp, Offset: 00460000, based on PE: true
                                    • Associated: 00000007.00000002.695326154.0000000000460000.00000002.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695353202.000000000046A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000007.00000002.695360199.000000000046D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_7_2_460000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString_wcsicmp
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 129124420-2974366063
                                    • Opcode ID: 5c626956dbcd83675a72df2cf400672b50e3a1d66cef6a7fd94c8963087d75e8
                                    • Instruction ID: d36e204db392fa18518e544a3862202cb7d3b6dc90ff683d80b8c5abd87c2e19
                                    • Opcode Fuzzy Hash: 5c626956dbcd83675a72df2cf400672b50e3a1d66cef6a7fd94c8963087d75e8
                                    • Instruction Fuzzy Hash: 36E08632104118778B115E12AC04CC73F1DEB12374714422BF828502A0BA768820EA9B
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Analysis Process: wdreg.exe PID: 6536 Parent PID: 6764 wdreg.exeCOMMON

                                    Executed Functions

                                    Function 0000000140001C10, Relevance: 238.8, APIs: 76, Strings: 60, Instructions: 831COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Version
                                    • String ID: %sCannot find the function %s in %s: %s$%sCannot load library cfgmgr32.dll: %s$%sCannot load library difxapi.dll: %s$%sCannot load library newdev.dll: %s$%sCannot load library setupapi.dll: %s$CMP_WaitNoPendingInstallEvents$CM_Get_Child$CM_Get_DevNode_Status$CM_Get_Device_IDA$CM_Get_Device_ID_Size$CM_Get_Parent$CM_Get_Sibling$CM_Locate_DevNodeA$CM_Reenumerate_DevNode$DIFXAPISetLogCallbackA$DriverPackageGetPathA$DriverPackageInstallA$DriverPackagePreinstallA$DriverPackageUninstallA$SetupCloseFileQueue$SetupCloseInfFile$SetupCommitFileQueueA$SetupCopyOEMInfA$SetupDefaultQueueCallbackA$SetupDiCallClassInstaller$SetupDiClassGuidsFromNameA$SetupDiCreateDeviceInfoA$SetupDiCreateDeviceInfoList$SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInfo$SetupDiGetClassDevsA$SetupDiGetDeviceInstallParamsA$SetupDiGetDeviceInstanceIdA$SetupDiGetDeviceRegistryPropertyA$SetupDiGetDeviceRegistryPropertyW$SetupDiGetDriverInfoDetailA$SetupDiGetINFClassA$SetupDiGetSelectedDriverA$SetupDiOpenDeviceInfoA$SetupDiRemoveDevice$SetupDiSetClassInstallParamsA$SetupDiSetDeviceRegistryPropertyA$SetupFindFirstLineA$SetupFindNextLine$SetupGetFieldCount$SetupGetInfFileListA$SetupGetInfInformationA$SetupGetStringFieldA$SetupInitDefaultQueueCallback$SetupInstallFilesFromInfSectionA$SetupOpenFileQueue$SetupOpenInfFileA$SetupQueryInfOriginalFileInformationA$SetupTermDefaultQueueCallback$SetupUninstallOEMInfA$UpdateDriverForPlugAndPlayDevicesA$cfgmgr32.dll$difxapi.dll$newdev.dll$setupapi.dll
                                    • API String ID: 1889659487-353350101
                                    • Opcode ID: 708a2418d327a5d918c486b5d1c6fa8a4eb98b6af84075268749c76278493648
                                    • Instruction ID: fc00e69a26d8d14dc85430ad4c2244c551d9f047fea17f89a634ea1af39f9a24
                                    • Opcode Fuzzy Hash: 708a2418d327a5d918c486b5d1c6fa8a4eb98b6af84075268749c76278493648
                                    • Instruction Fuzzy Hash: 74A28CB4206B04A5FE57DB17B8953E423A5BB4DBC0F940129FA4E4B374EF398999C702
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140003B20, Relevance: 42.3, APIs: 20, Strings: 4, Instructions: 311memorystringCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 762 140003b20-140003b75 763 140003b77 762->763 764 140003b7a-140003b92 SetupDiGetClassDevsA 762->764 763->764 765 140003b94-140003be7 call 1400019f0 call 140005a10 GetLastError call 140005a10 call 1400066e0 call 140005a20 764->765 766 140003bec-140003c17 SetupDiEnumDeviceInfo 764->766 793 140003fb0-140003fd1 call 140009560 765->793 767 140003f14-140003f21 GetLastError 766->767 768 140003c1d 766->768 772 140003f72 767->772 773 140003f23-140003f70 call 1400019f0 call 140005a10 * 2 call 1400066e0 call 140005a20 767->773 770 140003c20-140003c23 768->770 774 140003e83-140003e86 770->774 775 140003c29-140003c3b 770->775 776 140003f76-140003f81 772->776 773->776 779 140003e88-140003e8d 774->779 780 140003e90-140003e93 774->780 781 140003c41-140003c7d SetupDiGetDeviceRegistryPropertyA 775->781 782 140003e6e-140003e73 775->782 783 140003f83-140003fa0 call 140005a10 call 1400066e0 776->783 784 140003fa5-140003fae SetupDiDestroyDeviceInfoList 776->784 779->780 787 140003e95-140003ed2 780->787 788 140003ed6-140003ede 780->788 789 140003cf8-140003cfe 781->789 790 140003c7f 781->790 782->774 783->784 784->793 787->788 788->776 795 140003ee4 788->795 800 140003d38-140003d3b 789->800 801 140003d00-140003d0a 789->801 796 140003c80-140003c89 GetLastError 790->796 808 140003eef-140003f0e SetupDiEnumDeviceInfo 795->808 809 140003ce8-140003cf0 796->809 810 140003c8b-140003c8e 796->810 806 140003d46-140003d48 800->806 807 140003d3d-140003d40 LocalFree 800->807 801->800 803 140003d0c-140003d19 call 140009be4 801->803 829 140003d33 803->829 830 140003d1b-140003d2f lstrlenA 803->830 816 140003e75-140003e7e 806->816 817 140003d4e-140003d8a SetupDiGetDeviceRegistryPropertyA 806->817 807->806 808->767 808->770 820 140003cf4-140003cf6 809->820 818 140003cdb-140003ce6 LocalFree 810->818 819 140003c90-140003cd7 LocalAlloc SetupDiGetDeviceRegistryPropertyA 810->819 816->774 824 140003e08-140003e0e 817->824 825 140003d8c 817->825 818->820 819->796 826 140003cd9 819->826 820->789 820->800 832 140003e48-140003e4b 824->832 833 140003e10-140003e1a 824->833 834 140003d90-140003d99 GetLastError 825->834 826->789 829->800 830->801 835 140003d31 830->835 838 140003e56-140003e58 832->838 839 140003e4d-140003e50 LocalFree 832->839 833->832 837 140003e1c-140003e29 call 140009be4 833->837 840 140003df8-140003e00 834->840 841 140003d9b-140003d9e 834->841 835->800 851 140003e43 837->851 852 140003e2b-140003e3f lstrlenA 837->852 845 140003ee6-140003eeb 838->845 846 140003e5e-140003e6c 838->846 839->838 842 140003e04-140003e06 840->842 847 140003deb-140003df6 LocalFree 841->847 848 140003da0-140003de7 LocalAlloc SetupDiGetDeviceRegistryPropertyA 841->848 842->824 842->832 845->808 846->774 847->842 848->834 850 140003de9 848->850 850->824 851->832 852->833 853 140003e41 852->853 853->832
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Setup$Device$Local$ErrorFreeLastPropertyRegistry$Info$AllocEnumlstrlen$ClassDestroyDevsList
                                    • String ID: $%sCouldn't get the hardware IDs of all the devices$%sSetupDiEnumDeviceInfo failed with error: %d - %s$%sSetupDiGetClassDevs failed with error: %d - %s
                                    • API String ID: 3735440783-2713487562
                                    • Opcode ID: c6cb93a1ef6d335e67d6abd8f5307db4f856dd4929323be4471bbd9e2865b723
                                    • Instruction ID: 82ba4b4cf8874b11c31c6e6f3ac05b4117b7dc756cd5693797695ceb4312b6ee
                                    • Opcode Fuzzy Hash: c6cb93a1ef6d335e67d6abd8f5307db4f856dd4929323be4471bbd9e2865b723
                                    • Instruction Fuzzy Hash: 7CD17DB2204A8196EB63DB16F4403DAB3A5F78DBD4F540226FB4A47BA8DF39C945C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140007260, Relevance: 28.3, APIs: 7, Strings: 9, Instructions: 258COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 854 140007260-1400072b6 call 140005eb0 * 2 call 1400070c0 861 140007308-14000732e call 140005cf0 SetupGetFieldCount 854->861 862 1400072b8-140007303 call 1400019f0 call 140005a10 call 140009150 call 140005a20 * 3 854->862 867 140007334-14000733d 861->867 868 14000758a-1400075ab call 140005f20 861->868 923 14000766b-140007686 862->923 872 140007340-140007360 SetupGetStringFieldA 867->872 879 140007604-140007636 call 140005f20 call 140005bf0 call 140005a20 * 2 868->879 880 1400075ad-1400075c5 GetSystemInfo 868->880 875 140007362-140007395 call 1400019f0 call 140005a10 call 140009150 call 140005a20 872->875 876 14000739a-1400073ac call 14000983c 872->876 912 14000741d-14000745c call 1400019f0 call 140005a10 * 2 call 140009150 call 140005a20 875->912 891 1400073c3-1400073e0 SetupGetStringFieldA 876->891 892 1400073ae-1400073c1 call 140009150 876->892 931 140007654-140007669 call 140005a20 * 2 879->931 932 140007638-140007652 call 140005a20 * 2 879->932 886 1400075f6-1400075fd 880->886 887 1400075c7-1400075ca 880->887 886->879 893 1400075e6-1400075f4 887->893 894 1400075cc-1400075e4 887->894 899 140007461-1400074a3 call 140005f20 call 140005cf0 call 140005a20 call 140009750 call 140005a50 891->899 900 1400073e2-140007418 call 1400019f0 call 140005a10 call 140009150 call 140005a20 call 140009750 891->900 892->912 893->879 894->879 954 1400074a5-1400074b7 GetSystemInfo 899->954 955 1400074f6-140007502 call 140005c60 899->955 900->912 962 140007504-140007509 912->962 931->923 932->923 958 1400074e8-1400074ef 954->958 959 1400074b9-1400074bc 954->959 955->962 964 140007511-140007585 call 140005f20 call 140006160 call 140005a10 call 140005dc0 call 140005a20 * 4 955->964 958->955 960 1400074d8-1400074e6 959->960 961 1400074be-1400074d6 959->961 960->955 961->955 962->872 965 14000750f 962->965 964->923 965->868
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: FieldSetup$String_vfwprintf_pfree$CountErrorFormatInfoLastMessageSystem
                                    • String ID: Failed retrieving model field %s$Failed retrieving platform field %d for model %s: %s$Failed to allocate %d bytes for INF field$Failed to retrieve size of INF field: %s$Failed to retrieve value of INF field: %s$ia64$ntamd64$ntx86$unknown
                                    • API String ID: 606664080-2032687059
                                    • Opcode ID: bdcc5e87c6ec83ececf1ab9dee922f6cc2157c09ca97bdb8f95051200a743432
                                    • Instruction ID: b9695af54b990543e2cef917d8ad479a1d91cc9d9caa5f0e234df83f1c24f835
                                    • Opcode Fuzzy Hash: bdcc5e87c6ec83ececf1ab9dee922f6cc2157c09ca97bdb8f95051200a743432
                                    • Instruction Fuzzy Hash: D4B18EB1315A40A1EA12EB27F8957EB6351B79E7C0F805522BB4E876B6EE38C944C740
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140001000, Relevance: 100.4, APIs: 2, Strings: 55, Instructions: 600COMMON
                                    Download Yara Rule
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _vfwprintf_p$Version
                                    • String ID: WDREG utility v10.21. Build Aug 31 2010 14:21:54Log from %s$%s: completed successfully$%s: unsupported action for this driver$-compat$-delete_files$-dont_create_virtual$-file$-inf$-log$-name$-rescan$-silent$-startup$Cannot open log file %s$Cannot use -inf for this operating system$Cannot use -inf with other flags (except -silent and -log).Run without parameters to see the correct usage.$Command line:$Creating driver failed$Failed trying to %s the driver$Initializing driver failed$Invalid parameter %s$Please reboot the computer in order to complete the action$Please specify a filename after the '-file' option$Please specify a filename after the '-inf' option$Please specify a filename after the '-log' option$Please specify a name after the '-name' option$Please specify a startup level after the '-startup' option$Please specify an enumerator after the '-rescan' option$Please specify one of those values after the '-startup' option boot, system, automatic, demand, disabled$STATUS_FAILURE$STATUS_REBOOT_REQUIRED$STATUS_SUCCESS$Unsupported operating system$WDREG utility v10.21. Build Aug 31 2010 14:21:54$WDREG utility v10.21. Build Aug 31 2010 14:21:54Jungo Confidential. Copyright (c) 2010 Jungo Ltd. http://www.jungo.comCommand usage:non-WDM Drivers: (KernelPlugin Win2000/XP/Server 2003/Vista/7; .SYS drivers on WinNT4;)%s [Options ...] $WINDRVR6$Warning: failed getting full path for %s, using it as is$You need to use one of the following flags: -inf / -name.For detailed usage information, run "wdreg".$automatic$boot$create$delete$demand$disable$disabled$enable$install$no action specified: nothing to do!$preinstall$start$stop$system$uninstall$unknown option %s$windrvr6
                                    • API String ID: 4273296281-1831385799
                                    • Opcode ID: 20464c1e8fb9bca4e3b58a73ef6449eb882bf6e9cd9adc57e59e34ae3cc8fa40
                                    • Instruction ID: 25340212d8ee0cc928dbd1660da5642d866afd2f61e288ed0b466eb40a68d397
                                    • Opcode Fuzzy Hash: 20464c1e8fb9bca4e3b58a73ef6449eb882bf6e9cd9adc57e59e34ae3cc8fa40
                                    • Instruction Fuzzy Hash: 4A4225B1218A4081FA22DF17F9903EA63A2B7CC7D4F944526FB5A8B6B5EF79C544C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400077F0, Relevance: 56.4, APIs: 18, Strings: 14, Instructions: 372fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 579 1400077f0-140007868 call 140005eb0 * 2 call 140005a10 SetupOpenInfFileA 586 1400078c7-1400078f2 call 140005a10 SetupDiGetINFClassA 579->586 587 14000786a-1400078c2 call 1400019f0 call 140005a10 * 2 call 140009150 call 140005a20 * 3 579->587 592 1400078f4-140007950 call 1400019f0 call 140005a10 * 2 call 140009150 call 140005a20 SetupCloseInfFile call 140005a20 * 2 586->592 593 140007955-140007974 call 140005b20 586->593 652 140007dca-140007df0 call 140009560 587->652 592->652 601 140007985-140007987 593->601 602 140007976-14000797e 593->602 607 14000798a-14000798c 601->607 602->601 605 140007980-140007983 602->605 605->607 610 140007a0b-140007a52 SetupFindFirstLineA * 2 607->610 611 14000798e-1400079ae SetupDiClassGuidsFromNameA 607->611 613 140007a54-140007ab0 call 1400019f0 call 140005a10 * 2 call 140009150 call 140005a20 SetupCloseInfFile call 140005a20 * 2 610->613 614 140007ac0-140007ad4 call 140007260 610->614 611->610 616 1400079b0-140007a06 call 1400019f0 call 140005a10 call 140009150 call 140005a20 SetupCloseInfFile call 140005a20 * 2 611->616 613->652 628 140007b16-140007b39 call 140005a10 SetupFindFirstLineA 614->628 629 140007ad6-140007b11 call 1400019f0 call 140005a10 * 2 call 140009150 call 140005a20 614->629 616->652 646 140007d58-140007dc8 call 1400019f0 call 140005a10 * 3 call 140009150 call 140005a20 SetupCloseInfFile call 140005a20 * 2 628->646 647 140007b3f 628->647 703 140007cee-140007d06 SetupFindNextLine 629->703 646->652 653 140007b40-140007b69 SetupGetStringFieldA 647->653 661 140007ba3-140007bb2 call 14000983c 653->661 662 140007b6b-140007b9e call 1400019f0 call 140005a10 call 140009150 call 140005a20 653->662 684 140007bb4-140007bc4 call 140009150 661->684 685 140007bc6-140007be8 SetupGetStringFieldA 661->685 705 140007c25-140007c62 call 1400019f0 call 140005a10 * 2 call 140009150 call 140005a20 662->705 684->705 692 140007c64-140007cc0 call 140005f20 call 140005cf0 call 140005a20 call 140009750 call 140005a10 call 140009210 call 140005a10 call 140006970 685->692 693 140007bea-140007c20 call 1400019f0 call 140005a10 call 140009150 call 140005a20 call 140009750 685->693 754 140007cc3-140007cc7 692->754 693->705 703->614 710 140007d0c-140007d30 SetupCloseInfFile call 140005a20 * 2 703->710 752 140007cd0-140007ce8 SetupFindNextLine 705->752 710->652 752->653 752->703 755 140007d35-140007d56 SetupCloseInfFile call 140005a20 * 2 754->755 756 140007cc9-140007cce 754->756 755->652 756->752 756->755
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Setup$File_vfwprintf_pfree$ClassCloseErrorFormatLastMessageOpen
                                    • String ID: Processing HWID %s$CatalogFile$Failed getting device class GUID from class name %s: %s$Failed getting device class from INF file %s: %s$Failed locating Manufacturer section in INF file %s: %s$Failed opening INF file %s line %d: %s$Failed retrieving hardware ID field for manufacturer %s: %s$Failed retrieving manufacturer %s section from INF file %s: %s$Failed retrieving manufacturer field from INF file %s: %s$Failed to allocate %d bytes for INF field$Failed to retrieve size of INF field: %s$Failed to retrieve value of INF field: %s$Manufacturer$Version
                                    • API String ID: 2554268171-4125249935
                                    • Opcode ID: 4d8a5b3f59f9503d4fe620afd704710eed40e8eaf51d9daf31478d58338f5e67
                                    • Instruction ID: ed707adb9ba53dbb83a69ddb2e278601339c26ea061d83bac69a6d167badc795
                                    • Opcode Fuzzy Hash: 4d8a5b3f59f9503d4fe620afd704710eed40e8eaf51d9daf31478d58338f5e67
                                    • Instruction Fuzzy Hash: 65F14EB1315980A2EA12EB63F8957EB6350FBCA7C0F801526B74F876B6EE38C545C701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400080F0, Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 76libraryloaderserviceCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Handle_vfwprintf_p$AddressCloseCurrentErrorLastManagerModuleOpenProcProcessService
                                    • String ID: Can't identify SysWow64, Error: 0x%x$Cannot load dynamic functions%s$Cannot open service control manager.Make sure you are running with Administrator privileges$Cannot run an x86 build of this utility on x64 platform.$IsWow64Process$kernel32
                                    • API String ID: 4099843004-1036678174
                                    • Opcode ID: 4834887dfd10fc18cd39bada0a78cf618fe8674924b091f73d0110614c18cbd7
                                    • Instruction ID: 4a292ffbb9e73d38be772f7c7d9c985e1debc434c4a0b426b6182c5259f502a0
                                    • Opcode Fuzzy Hash: 4834887dfd10fc18cd39bada0a78cf618fe8674924b091f73d0110614c18cbd7
                                    • Instruction Fuzzy Hash: 48314DB130590195FA67EB63F8153EA22A4BB8C7D0F440525BB5E8B6F6EF39C546C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400070C0, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 81COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _vfwprintf_p$ErrorFieldFormatLastMessageSetupStringfree
                                    • String ID: Failed to allocate %d bytes for INF field$Failed to retrieve size of INF field: %s$Failed to retrieve value of INF field: %s
                                    • API String ID: 67989277-4263525725
                                    • Opcode ID: d74c14611bca7e6128366a2f4fd0cfccf57cb74a7d0771070e0b8dd5a5c2f041
                                    • Instruction ID: 9f800009986c219b3d951088a813abdd2337ea09ceac5a9531093ea9918ec237
                                    • Opcode Fuzzy Hash: d74c14611bca7e6128366a2f4fd0cfccf57cb74a7d0771070e0b8dd5a5c2f041
                                    • Instruction Fuzzy Hash: 88315E71314A4192EA42EB27F8557DB6291ABDABD0F441225BB5E47BFAEF38C501CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140010890, Relevance: 10.7, APIs: 7, Instructions: 178COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1144 140010890-1400108cc GetStartupInfoW call 1400103ec 1147 1400108d6-1400108ee 1144->1147 1148 1400108ce-1400108d1 1144->1148 1150 140010929-14001092f 1147->1150 1151 1400108f0-140010921 1147->1151 1149 140010b34-140010b51 1148->1149 1153 140010935-14001093d 1150->1153 1154 140010a68-140010a6b 1150->1154 1151->1151 1152 140010923 1151->1152 1152->1150 1153->1154 1155 140010943-140010959 1153->1155 1156 140010a6d-140010a79 1154->1156 1157 1400109d9-1400109dd 1155->1157 1158 14001095b 1155->1158 1159 140010a8c-140010ab5 GetStdHandle 1156->1159 1160 140010a7b-140010a80 1156->1160 1157->1154 1163 1400109e3-1400109e8 1157->1163 1164 140010962-140010975 call 1400103ec 1158->1164 1161 140010b04-140010b09 1159->1161 1162 140010ab7-140010aba 1159->1162 1160->1159 1165 140010a82-140010a87 1160->1165 1169 140010b11-140010b20 1161->1169 1162->1161 1166 140010abc-140010ac7 GetFileType 1162->1166 1167 140010a55-140010a62 1163->1167 1168 1400109ea-1400109ef 1163->1168 1178 1400109d3 1164->1178 1179 140010977-140010992 1164->1179 1165->1169 1166->1161 1171 140010ac9-140010ad3 1166->1171 1167->1154 1167->1163 1168->1167 1172 1400109f1-1400109f6 1168->1172 1169->1156 1173 140010b26-140010b32 SetHandleCount 1169->1173 1175 140010ad5-140010ada 1171->1175 1176 140010adc-140010adf 1171->1176 1172->1167 1177 1400109f8-1400109fd 1172->1177 1173->1149 1180 140010ae6-140010af7 InitializeCriticalSectionAndSpinCount 1175->1180 1176->1180 1181 140010ae1 1176->1181 1182 140010a0d-140010a4b InitializeCriticalSectionAndSpinCount 1177->1182 1183 1400109ff-140010a0b GetFileType 1177->1183 1178->1157 1184 140010994-1400109c1 1179->1184 1185 1400109c9-1400109cf 1179->1185 1180->1148 1187 140010afd-140010b02 1180->1187 1181->1180 1182->1148 1188 140010a51 1182->1188 1183->1167 1183->1182 1184->1184 1189 1400109c3 1184->1189 1185->1164 1186 1400109d1 1185->1186 1186->1157 1187->1169 1188->1167 1189->1185
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$CountCriticalFileInfoInitializeSectionSpinStartupType
                                    • String ID:
                                    • API String ID: 2002992188-0
                                    • Opcode ID: 733255da6f6aab3817571311eb28898a459049c4c820d82072af2c92ebc85a10
                                    • Instruction ID: 1de62c766087428682dc86f9f33195338ebd0f25265c08e2eb3720650212e680
                                    • Opcode Fuzzy Hash: 733255da6f6aab3817571311eb28898a459049c4c820d82072af2c92ebc85a10
                                    • Instruction Fuzzy Hash: 7081E77270479085FB468F26D48439837A4E7097B8F598329EBB94B3F1DBBAC805C712
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140004C10, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 137COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1190 140004c10-140004c4a call 140005f20 call 140005a10 1195 140004c61-140004c6f call 140001c10 1190->1195 1196 140004c4c 1190->1196 1202 140004c71-140004c7d call 140005a20 1195->1202 1203 140004c82-140004c88 1195->1203 1197 140004c50-140004c53 1196->1197 1199 140004c55 1197->1199 1200 140004c58-140004c5f 1197->1200 1199->1200 1200->1195 1200->1197 1211 140004e47-140004e5f 1202->1211 1205 140004cf7-140004d34 call 140005a10 call 140003b20 1203->1205 1206 140004c8a-140004c97 call 140005a10 call 140002d30 1203->1206 1219 140004dc2-140004dca 1205->1219 1220 140004d3a-140004d42 1205->1220 1215 140004c9c-140004c9e 1206->1215 1217 140004ced 1215->1217 1218 140004ca0-140004ceb call 1400019f0 call 140005a10 * 2 call 1400066e0 call 140005a20 1215->1218 1217->1205 1218->1205 1222 140004dd7-140004de1 1219->1222 1223 140004dcc-140004dd5 1219->1223 1224 140004d44-140004d4d call 1400030f0 1220->1224 1225 140004dbd 1220->1225 1228 140004de3 FreeLibrary 1222->1228 1229 140004de9-140004df3 1222->1229 1223->1222 1227 140004e3b-140004e45 call 140005a20 1223->1227 1224->1219 1237 140004d4f-140004d85 call 140005a10 call 140003b20 1224->1237 1225->1219 1227->1211 1228->1229 1233 140004df5 FreeLibrary 1229->1233 1234 140004dfb-140004e05 1229->1234 1233->1234 1238 140004e07 FreeLibrary 1234->1238 1239 140004e0d-140004e17 1234->1239 1250 140004d8a-140004d8c 1237->1250 1238->1239 1243 140004e19 FreeLibrary 1239->1243 1244 140004e1f-140004e34 1239->1244 1243->1244 1244->1227 1250->1219 1252 140004d8e-140004d96 1250->1252 1252->1225 1254 140004d98-140004db8 call 140005a10 call 1400066e0 1252->1254 1254->1225
                                    APIs
                                    Strings
                                    • %sWarning: the device (hwid:%s) is not plugged-in., xrefs: 0000000140004DAA
                                    • %sWarning: cannot copy the INF file for device (hwid:%s): %s, xrefs: 0000000140004CCD
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: FreeLibrary$free
                                    • String ID: %sWarning: cannot copy the INF file for device (hwid:%s): %s$%sWarning: the device (hwid:%s) is not plugged-in.
                                    • API String ID: 573304979-930569882
                                    • Opcode ID: 6ed43d95c257d7ce751d75b075bcad246b839a001b1f6424f6f89152cc64b546
                                    • Instruction ID: eaecedc2fb57e334c04bcf02524c6857764034a5754022ba3400b9dc0714b6b8
                                    • Opcode Fuzzy Hash: 6ed43d95c257d7ce751d75b075bcad246b839a001b1f6424f6f89152cc64b546
                                    • Instruction Fuzzy Hash: 766139B1205B4095FB62EB23F8553DA72A4F7897C0F84022AFB4A876B6DF39C945C705
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000CD94, Relevance: 9.1, APIs: 6, Instructions: 63COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1258 14000cd94-14000cdc7 call 1400110c0 1261 14000ce47-14000ce49 1258->1261 1262 14000cdc9-14000cddc 1258->1262 1265 14000ce55-14000ce57 1261->1265 1266 14000ce4b-14000ce50 call 140010f9c 1261->1266 1263 14000ce33-14000ce46 call 14000cc18 1262->1263 1264 14000cdde-14000ce04 DecodePointer * 2 1262->1264 1263->1261 1269 14000ce06-14000ce12 1264->1269 1270 14000ce20-14000ce2e call 14000cc18 1264->1270 1267 14000ce59-14000ce76 call 140010f9c call 14000cbac ExitProcess 1265->1267 1268 14000ce7d-14000ce92 1265->1268 1266->1265 1269->1270 1274 14000ce14-14000ce1a 1269->1274 1270->1263 1278 14000ce1c 1274->1278 1279 14000ce1e 1274->1279 1278->1279 1279->1269
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: DecodePointer_initterm$ExitProcess_lock
                                    • String ID:
                                    • API String ID: 4044905312-0
                                    • Opcode ID: c4e020424c5edbbc4bea516e11caa18e21469d5e25634a4a5254c7cc556604ce
                                    • Instruction ID: 9ee9d997353d9f925fe1e17e1e785e858ed5d15f91d4d7f01fcfc280aa078fa9
                                    • Opcode Fuzzy Hash: c4e020424c5edbbc4bea516e11caa18e21469d5e25634a4a5254c7cc556604ce
                                    • Instruction Fuzzy Hash: 552166B022268081FB1ADB17F8017D872A4BB8CBC4F940029BB590B7B6CF79C945C740
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000B4AC, Relevance: 7.6, APIs: 5, Instructions: 125COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1282 14000b4ac-14000b4e0 GetVersionExW 1283 14000b4e2-14000b4e7 1282->1283 1284 14000b4ec-14000b501 1282->1284 1285 14000b6ae-14000b6ce call 140009560 1283->1285 1286 14000b503 1284->1286 1287 14000b508-14000b540 1284->1287 1286->1287 1289 14000b542-14000b559 1287->1289 1290 14000b595-14000b597 1287->1290 1292 14000b563-14000b569 1289->1292 1293 14000b55b-14000b561 1289->1293 1294 14000b59b-14000b5a9 call 14000b818 1290->1294 1295 14000b573-14000b57a 1292->1295 1296 14000b56b-14000b571 1292->1296 1293->1294 1301 14000b5ab-14000b5b2 1294->1301 1302 14000b5cd-14000b5d4 call 14000e0fc 1294->1302 1298 14000b584-14000b593 1295->1298 1299 14000b57c-14000b582 1295->1299 1296->1294 1298->1294 1299->1294 1303 14000b5b4 call 14000d13c 1301->1303 1304 14000b5b9-14000b5c8 call 14000cf44 call 14000cbe8 1301->1304 1310 14000b5d6-14000b5dd 1302->1310 1311 14000b5f9-14000b600 call 140010890 1302->1311 1303->1304 1304->1302 1314 14000b5e4-14000b5f8 call 14000cf44 call 14000cbe8 1310->1314 1315 14000b5df call 14000d13c 1310->1315 1319 14000b602-14000b607 call 14000cb7c 1311->1319 1320 14000b60c-14000b62c GetCommandLineA call 140011ed0 call 140011dd8 1311->1320 1314->1311 1315->1314 1319->1320 1329 14000b638-14000b63f call 140011a64 1320->1329 1330 14000b62e-14000b633 call 14000cb7c 1320->1330 1334 14000b641-14000b646 call 14000cb7c 1329->1334 1335 14000b64b-14000b654 call 14000ccd8 1329->1335 1330->1329 1334->1335 1339 14000b656-14000b658 call 14000cb7c 1335->1339 1340 14000b65d-14000b685 call 140001000 1335->1340 1339->1340 1344 14000b687-14000b689 call 14000ceb4 1340->1344 1345 14000b68e-14000b6ac call 14000cecc 1340->1345 1344->1345 1345->1285
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: CommandLineVersion__setargv
                                    • String ID:
                                    • API String ID: 2826300012-0
                                    • Opcode ID: 04d519d436ffdb82d465fece200651be63796011effa11c881333c9c94729c16
                                    • Instruction ID: 501a3e6d81011dcae229c0b38c77ecb5d035c8abeed1aacbedf0a1650ea8fc1c
                                    • Opcode Fuzzy Hash: 04d519d436ffdb82d465fece200651be63796011effa11c881333c9c94729c16
                                    • Instruction Fuzzy Hash: 87516DB021464286FB67EB67F8927EA36A1AB9C7C5F500139F745876F2DB39C844CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000983C, Relevance: 7.5, APIs: 5, Instructions: 47memoryCOMMONLIBRARYCODE
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1350 14000983c-140009852 1351 140009854-14000985c 1350->1351 1352 1400098d0-1400098e0 call 14000b714 call 14000b790 1350->1352 1353 140009860-14000986a 1351->1353 1363 1400098e2-1400098f1 1352->1363 1355 14000988c-14000989d RtlAllocateHeap 1353->1355 1356 14000986c-140009885 call 14000d13c call 14000cf44 call 14000cbe8 1353->1356 1360 1400098cb-1400098ce 1355->1360 1361 14000989f-1400098a5 1355->1361 1356->1355 1360->1363 1365 1400098b5-1400098ba call 14000b790 1361->1365 1366 1400098a7-1400098b1 call 14000b714 1361->1366 1374 1400098c0-1400098c5 call 14000b790 1365->1374 1373 1400098b3 1366->1373 1366->1374 1373->1353 1374->1360
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$AllocateHeap
                                    • String ID:
                                    • API String ID: 502529563-0
                                    • Opcode ID: 2fa9f452854abb1f20cb5342d5393a6dc66ba85a573c5aa4d608459381ac8468
                                    • Instruction ID: f8124b4ddef323a2f58e6b279d6a1de12176d1201a7200c1816ffde2305edd1c
                                    • Opcode Fuzzy Hash: 2fa9f452854abb1f20cb5342d5393a6dc66ba85a573c5aa4d608459381ac8468
                                    • Instruction Fuzzy Hash: FB115BB060564485FB57EB67B8417E923919B8DBE0F088635FB1A477E6CF7888808721
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000A89C, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1425 14000a89c-14000a8ce call 14000cc00 1428 14000a8d4-14000a8db 1425->1428 1429 14000a986-14000a9ac call 14000cc0c 1425->1429 1428->1429 1430 14000a8e1-14000a8fb DecodePointer * 2 1428->1430 1430->1429 1432 14000a901-14000a90f 1430->1432 1432->1429 1434 14000a911-14000a91f call 1400102f4 1432->1434 1437 14000a921-14000a933 1434->1437 1438 14000a970-14000a983 EncodePointer 1434->1438 1439 14000a942-14000a94a 1437->1439 1440 14000a935-14000a940 call 1400101d0 1437->1440 1438->1429 1439->1429 1442 14000a94c-14000a957 call 1400101d0 1439->1442 1440->1439 1445 14000a959-14000a969 EncodePointer 1440->1445 1442->1429 1442->1445 1445->1438
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Pointer$DecodeEncode$_errno
                                    • String ID:
                                    • API String ID: 1230916053-0
                                    • Opcode ID: c4e198d4853535845a7573d1eb5d423ef1feeaead6265595d87ccab9310be368
                                    • Instruction ID: 8608c10c1ebf228ae1dd6d5ecf2eb75cde534096096ee728a6e76339886e589f
                                    • Opcode Fuzzy Hash: c4e198d4853535845a7573d1eb5d423ef1feeaead6265595d87ccab9310be368
                                    • Instruction Fuzzy Hash: B921397130265081EE42EB57F5483DAA3A1B74EBC4F568826FB4D0B7A9DE7CC8958304
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140001B80, Relevance: 6.0, APIs: 4, Instructions: 30COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1447 140001b80-140001b8c 1448 140001b99-140001ba3 1447->1448 1449 140001b8e-140001b97 1447->1449 1451 140001ba5 FreeLibrary 1448->1451 1452 140001bab-140001bb5 1448->1452 1449->1448 1450 140001bff-140001c03 1449->1450 1451->1452 1453 140001bb7 FreeLibrary 1452->1453 1454 140001bbd-140001bc7 1452->1454 1453->1454 1455 140001bc9 FreeLibrary 1454->1455 1456 140001bcf-140001bd9 1454->1456 1455->1456 1457 140001be1-140001bf8 1456->1457 1458 140001bdb FreeLibrary 1456->1458 1457->1450 1458->1457
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: FreeLibrary
                                    • String ID:
                                    • API String ID: 3664257935-0
                                    • Opcode ID: 0aaa8caf2ac11c7b37fc96b0cae5a83f05814bd0172a09ad526bdd5afb4f36c8
                                    • Instruction ID: 1c68a36593599726f9af53a282bceea3abe5ce475c3edb9373e220275225fc52
                                    • Opcode Fuzzy Hash: 0aaa8caf2ac11c7b37fc96b0cae5a83f05814bd0172a09ad526bdd5afb4f36c8
                                    • Instruction Fuzzy Hash: 77018078202B0499FA47DF67AC913E032E5BB8CBC0F54025DFA098B270EF388841C602
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140005F20, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 79COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 1459 140005f20-140005f5d call 14000983c 1462 140005f8b-140005f8e 1459->1462 1463 140005f5f-140005f69 1459->1463 1464 140006014-140006018 1462->1464 1465 140005f94-140005fa6 1462->1465 1466 140005f6b-140005f7b call 14000a440 call 140009750 1463->1466 1467 140005f80-140005f87 1463->1467 1468 14000601b-140006032 1464->1468 1469 140005fa8 1465->1469 1470 140005fab-140005fae 1465->1470 1466->1467 1467->1462 1469->1470 1472 140005ff2-140005ffd 1470->1472 1473 140005fb0-140005fc8 call 14000983c 1470->1473 1476 140006000-140006010 1472->1476 1473->1472 1480 140005fca-140005fd4 1473->1480 1476->1476 1478 140006012 1476->1478 1478->1468 1481 140005fd6-140005fe6 call 14000a440 call 140009750 1480->1481 1482 140005feb-140005fee 1480->1482 1481->1482 1482->1472
                                    APIs
                                      • Part of subcall function 000000014000983C: _FF_MSGBANNER.LIBCMT ref: 000000014000986C
                                      • Part of subcall function 000000014000983C: RtlAllocateHeap.NTDLL(?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3,?,?,00000000,000000014000ADE8), ref: 0000000140009891
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098B5
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098C0
                                    • free.LIBCMT ref: 0000000140005F7B
                                      • Part of subcall function 0000000140009750: HeapFree.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009766
                                      • Part of subcall function 0000000140009750: _errno.LIBCMT ref: 0000000140009770
                                      • Part of subcall function 0000000140009750: GetLastError.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009778
                                    • free.LIBCMT ref: 0000000140005FE6
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$Heapfree$AllocateErrorFreeLast
                                    • String ID: setupapi.dll
                                    • API String ID: 3377555370-3506073724
                                    • Opcode ID: 9043abaf6dba0e39ef67dd926e93d7164d3ca500aef90d9c61f3662c41987198
                                    • Instruction ID: 03d74945e021815c04d9c9d5589245fc2d44788ba91de3deb37a3fc16af7b132
                                    • Opcode Fuzzy Hash: 9043abaf6dba0e39ef67dd926e93d7164d3ca500aef90d9c61f3662c41987198
                                    • Instruction Fuzzy Hash: 3F3164B6205B8186EE26DF17F4403AAB7A0E749BD4F188525EBAE07BA5DF3CD441C350
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000B818, Relevance: 4.5, APIs: 3, Instructions: 24memoryCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Heap$Information$Create
                                    • String ID:
                                    • API String ID: 1487802526-0
                                    • Opcode ID: 3635ab072b17c61c96a093286bb3d589c330901bfce161e6a64714cb1d56c969
                                    • Instruction ID: fd755b440e05a9a95d8abd57cd974581ccefcf0b40d7431cfe6ef3a6f6ff2404
                                    • Opcode Fuzzy Hash: 3635ab072b17c61c96a093286bb3d589c330901bfce161e6a64714cb1d56c969
                                    • Instruction Fuzzy Hash: 66F05EB162168092F7899B12E889B957260F78C781F409019FB4A43768DF3DC085CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140002D30, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    • %sWarning: cannot copy INF file %s to the INF directory: %s, xrefs: 0000000140002DF8
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free$CopyErrorFormatLastMessageSetup
                                    • String ID: %sWarning: cannot copy INF file %s to the INF directory: %s
                                    • API String ID: 4182642161-1333120281
                                    • Opcode ID: 5411da116c6eb75d68c5cbdddcfeb5a0f35570fd9f1a84bb89da1fbd42089cce
                                    • Instruction ID: a260bcda6a67e270aa816ece544500d6adaae5e0dc98e563fb72a3a11fcabc1b
                                    • Opcode Fuzzy Hash: 5411da116c6eb75d68c5cbdddcfeb5a0f35570fd9f1a84bb89da1fbd42089cce
                                    • Instruction Fuzzy Hash: 1D31327121598062E621FB66F8963DB6361F7DA3C1F811625B79E83AF6DE38C944CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140011A64, Relevance: 3.1, APIs: 2, Instructions: 85COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: __initmbctablefree
                                    • String ID:
                                    • API String ID: 4048718625-0
                                    • Opcode ID: 707cfe73b69d28fbd41a27e71dd1c4459dbdcd0f8e574bd82994c511f2d22f02
                                    • Instruction ID: 7cea7c463272bef0f5572d1f7ff27c394584c00b54fd460e38b1be93774637b2
                                    • Opcode Fuzzy Hash: 707cfe73b69d28fbd41a27e71dd1c4459dbdcd0f8e574bd82994c511f2d22f02
                                    • Instruction Fuzzy Hash: 1F31D27570664045FB568B23B8407E93A91AB5C7E4F584718BF684BAF6DF7AC040C200
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014001033C, Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • _errno.LIBCMT ref: 000000014001035F
                                    • RtlAllocateHeap.NTDLL(?,?,?,?,00000000,000000014001489B,?,?,00000000,000000014000DEF3,?,?,00000000,000000014000B799), ref: 00000001400103A8
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: AllocateHeap_errno
                                    • String ID:
                                    • API String ID: 242259997-0
                                    • Opcode ID: 0ef3d0e98a5ef3d40b2818c87bb85fbc6e29815c8717bf9c0b392d6166e11ca2
                                    • Instruction ID: 9666080b9eb535d7e33b8c19bd976a677e944fe4becf791e165e81fe0e1971cf
                                    • Opcode Fuzzy Hash: 0ef3d0e98a5ef3d40b2818c87bb85fbc6e29815c8717bf9c0b392d6166e11ca2
                                    • Instruction Fuzzy Hash: F111257130526087FF178B27E6447EDB295A79C7E4F088721BFA94B7F4DBB985808600
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400103EC, Relevance: 3.0, APIs: 2, Instructions: 22COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno
                                    • String ID:
                                    • API String ID: 2918714741-0
                                    • Opcode ID: b2f66f09a795db3cc2f58cb9ab8fd87ef2d849e4174b02f5ff3105c7acb06222
                                    • Instruction ID: 111031f64989afe724f459ff0e9d6ef547fb7376852f700e861f2002f86f6fd4
                                    • Opcode Fuzzy Hash: b2f66f09a795db3cc2f58cb9ab8fd87ef2d849e4174b02f5ff3105c7acb06222
                                    • Instruction Fuzzy Hash: E4E012B272538447EA529B53F1C13DA62A4AB9C7D0F544024FB8C077A6DB79C840CB10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140012A94, Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: EncodePointer
                                    • String ID:
                                    • API String ID: 2118026453-0
                                    • Opcode ID: 18d6ce85c6607c875f682a818518c41bee8132d99c3125ecc31c884aaa54386f
                                    • Instruction ID: 2f7dd9b170810d7a37784435576ac98eb5ef92685def3ff7e5361fc09cd74cba
                                    • Opcode Fuzzy Hash: 18d6ce85c6607c875f682a818518c41bee8132d99c3125ecc31c884aaa54386f
                                    • Instruction Fuzzy Hash: FCD05B32B60540C2DB519B26F55039923A4E7C87D4F58C011E75C07659C939C855C711
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140005EB0, Relevance: 1.3, APIs: 1, Instructions: 30COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 000000014000983C: _FF_MSGBANNER.LIBCMT ref: 000000014000986C
                                      • Part of subcall function 000000014000983C: RtlAllocateHeap.NTDLL(?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3,?,?,00000000,000000014000ADE8), ref: 0000000140009891
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098B5
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098C0
                                    • free.LIBCMT ref: 0000000140005EFE
                                      • Part of subcall function 0000000140009750: HeapFree.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009766
                                      • Part of subcall function 0000000140009750: _errno.LIBCMT ref: 0000000140009770
                                      • Part of subcall function 0000000140009750: GetLastError.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009778
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$Heap$AllocateErrorFreeLastfree
                                    • String ID:
                                    • API String ID: 1720997648-0
                                    • Opcode ID: b5f13b1a4be6436122ec3ab5cc4ca3b343caa525f2e557fc6fb87ce4da41f348
                                    • Instruction ID: 41f298bb13d0881af24310473346aa492613f88abd1367d2d2a576024ad621ca
                                    • Opcode Fuzzy Hash: b5f13b1a4be6436122ec3ab5cc4ca3b343caa525f2e557fc6fb87ce4da41f348
                                    • Instruction Fuzzy Hash: 7EF01DB2205B8485EF46DF66E4403A973A5E78DFC8F188435EB5C4B3AADB79C851C350
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 00000001400086D0, Relevance: 31.6, APIs: 10, Strings: 8, Instructions: 127serviceCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Service$ErrorLast_vfwprintf_p$CloseDeleteHandleOpen
                                    • String ID: Cannot delete the service: %s$Cannot remove the service - access denied$ControlService failed: %s$Error trying to open service %s for delete: %s$Service %s already deleted$The removal will take effect after the system reboots.$The system is busy. Please reboot the machineand try again.$x
                                    • API String ID: 3582348919-1173064612
                                    • Opcode ID: f06ca242807996fab8a3dd643aff2b5378f516d886bfa689b025f87563f4aac9
                                    • Instruction ID: 48cf6a411171282e646e89599cf995fce3204ae41a7219d0f992cb2b4cdf5a64
                                    • Opcode Fuzzy Hash: f06ca242807996fab8a3dd643aff2b5378f516d886bfa689b025f87563f4aac9
                                    • Instruction Fuzzy Hash: B4516EB131494092FA23EB13F8583EA2261BB8DBD0F854625FB4E872F6DE39C945C301
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400121A8, Relevance: 28.9, APIs: 19, Instructions: 440COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: __doserrno_errno
                                    • String ID:
                                    • API String ID: 921712934-0
                                    • Opcode ID: aee7ec0f7ee071fcf5ab062b8adcd4e5444fe40db1ac2ee56c7ecb626a921ccc
                                    • Instruction ID: 7bf92d6de3aa6ef7e5d9e7e65d6e819065a0da70fcdf739882ffcb739e078db6
                                    • Opcode Fuzzy Hash: aee7ec0f7ee071fcf5ab062b8adcd4e5444fe40db1ac2ee56c7ecb626a921ccc
                                    • Instruction Fuzzy Hash: CA02D07271464186EB228F2AE4843EE67A1F79C7C4F550116FB4A4B6F8EB3EC955CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140015DEC, Relevance: 20.0, APIs: 13, Instructions: 499fileCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$__doserrno$CloseFileHandle$CreateErrorLastType
                                    • String ID:
                                    • API String ID: 2510576375-0
                                    • Opcode ID: ca2b74d0937f518d223502f32e4a42f731e902beda2180dbef86cb69c8a4ac4c
                                    • Instruction ID: d862426a153d895559ce082ac3d2d546ed24e7f46e5292c4245eaf0f72d0e0b8
                                    • Opcode Fuzzy Hash: ca2b74d0937f518d223502f32e4a42f731e902beda2180dbef86cb69c8a4ac4c
                                    • Instruction Fuzzy Hash: 3312F37261464086FB769A3BE8807ED26A1B38D7D4F244229FB664F6F5CB3ACD41C701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140017ACC, Relevance: 18.1, APIs: 12, Instructions: 115memoryfileCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$Heap$ErrorFileLastProcess__doserrno$AllocFreePointer
                                    • String ID:
                                    • API String ID: 3112900366-0
                                    • Opcode ID: 5458c50b896ef7e216aedbb76431fc36a28681ed3cf38ece300bbf12c5758f9a
                                    • Instruction ID: 9483cb7a444d84cae398f713e06ca9cf3fc13a123e7971610ef56682033acbc4
                                    • Opcode Fuzzy Hash: 5458c50b896ef7e216aedbb76431fc36a28681ed3cf38ece300bbf12c5758f9a
                                    • Instruction Fuzzy Hash: 0F418D3530495086EA1AAB37A8447DA72A2A78CBF0F144714FB3D0F7F6DB7AC4458641
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400092A0, Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 114fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free$_vfwprintf_p$CloseControlCreateDeviceFileHandle_getch
                                    • String ID: *WINDRVR6$Cannot set driver name$There %s currently %d connected device%s using WinDriver.Please disconnect or uninstall all connected devices from the Device Managerand press Retry.To reload WinDriver, press Cancel and reboot.$There %s currently %d open application%s using WinDriver.Please close all applications and press Retry.To reload WinDriver, press Cancel and reboot.$WINDRVR6$are
                                    • API String ID: 2347401647-404040874
                                    • Opcode ID: c8549be5061474a5cf2886adcfaf22862d06ecb44e4da58dc47186b3019f7a4f
                                    • Instruction ID: cbaf6fe13c27fd079fd0fe7b342d703fc041198953b91929195afaa732150760
                                    • Opcode Fuzzy Hash: c8549be5061474a5cf2886adcfaf22862d06ecb44e4da58dc47186b3019f7a4f
                                    • Instruction Fuzzy Hash: 2C419372314A4099E622DB26F840BDA7360A78A7E0F501225FB5D876F5DF39C549CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140012DC4, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 303COMMON
                                    Download Yara Rule
                                    APIs
                                    • _lock.LIBCMT ref: 0000000140012DED
                                    • free.LIBCMT ref: 0000000140012EE7
                                      • Part of subcall function 0000000140009750: HeapFree.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009766
                                      • Part of subcall function 0000000140009750: _errno.LIBCMT ref: 0000000140009770
                                      • Part of subcall function 0000000140009750: GetLastError.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009778
                                    • ___lc_codepage_func.LIBCMT ref: 0000000140012E65
                                      • Part of subcall function 000000014000C690: RtlCaptureContext.KERNEL32 ref: 000000014000C69E
                                      • Part of subcall function 000000014000C690: RtlLookupFunctionEntry.KERNEL32 ref: 000000014000C6B7
                                      • Part of subcall function 000000014000C690: RtlVirtualUnwind.KERNEL32 ref: 000000014000C6F3
                                      • Part of subcall function 000000014000C690: OutputDebugStringA.KERNEL32 ref: 000000014000C722
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$CaptureContextDebugEntryErrorFreeFunctionHeapLastLookupOutputStringUnwindVirtual___lc_codepage_func_lockfree
                                    • String ID: -
                                    • API String ID: 2788215654-2547889144
                                    • Opcode ID: d9ebf2b80148a67454c0ec5a9b59e23095c8e789b8897401ca3a9545fdf91fd4
                                    • Instruction ID: 2a2b08abffb9421d183083164081d0ff035e9c4b9be373a57279063aa0873197
                                    • Opcode Fuzzy Hash: d9ebf2b80148a67454c0ec5a9b59e23095c8e789b8897401ca3a9545fdf91fd4
                                    • Instruction Fuzzy Hash: CBD1E7766042808AE737DB27E8517DA77A5F38C7C8F444229FB894B7B5CB3AC8558B01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140008500, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 96serviceCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Service$CloseErrorHandleLastOpen
                                    • String ID: Error trying to open service %s (0x%lx): %s$Failed creating service %s: %s
                                    • API String ID: 4162089118-1272098570
                                    • Opcode ID: 47c3fab6b98b93d05d939bad6500523f1282392fd9e9e31aeafa176f9b1f9ce9
                                    • Instruction ID: 7e941c079b479c32ef896aef597831ffef21f5a1bc021d9d216eb462ede00376
                                    • Opcode Fuzzy Hash: 47c3fab6b98b93d05d939bad6500523f1282392fd9e9e31aeafa176f9b1f9ce9
                                    • Instruction Fuzzy Hash: 99413E71305A4096EA12EB26F8583DA73A0F78D7D0F500629BB9E877B6DF39C585C740
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000CF44, Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 132fileCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetModuleFileNameA.KERNEL32(?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170,?,?,?,?,0000000140009871,?,?,00000000,0000000140011015), ref: 000000014000D006
                                    • GetStdHandle.KERNEL32(?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170,?,?,?,?,0000000140009871,?,?,00000000,0000000140011015), ref: 000000014000D0E2
                                    • WriteFile.KERNEL32(?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170,?,?,?,?,0000000140009871,?,?,00000000,0000000140011015), ref: 000000014000D11F
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: File$HandleModuleNameWrite
                                    • String ID: <program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $WDREG utility v10.21. Build Aug 31 2010 14:21:54
                                    • API String ID: 3784150691-2583370257
                                    • Opcode ID: bb8f2c7daf1dacc114cd4c96501ab0719209a14760fba2abc1c2ad3cb9bc9e08
                                    • Instruction ID: b97b20efe415c6d9a2e8cab23d7781173865c5b2d1e510af62c6aae5f480fa87
                                    • Opcode Fuzzy Hash: bb8f2c7daf1dacc114cd4c96501ab0719209a14760fba2abc1c2ad3cb9bc9e08
                                    • Instruction Fuzzy Hash: AC51E2B271074152FB26DB63B915BEA7296A78C7C4F84422ABF0947AF6CF3EC4448610
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400176EC, Relevance: 12.3, APIs: 8, Instructions: 272COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errnofree$EnvironmentVariable
                                    • String ID:
                                    • API String ID: 3637960752-0
                                    • Opcode ID: 34a0e2386867a0e4bf6bc445ba4d16a7abbba6396fe1e3049d1ef7f5a485b79e
                                    • Instruction ID: 0f44686b1199645ed81a86d2f4b1bfc46a9e3208ed6fd526121cec02d19a7355
                                    • Opcode Fuzzy Hash: 34a0e2386867a0e4bf6bc445ba4d16a7abbba6396fe1e3049d1ef7f5a485b79e
                                    • Instruction Fuzzy Hash: 2DB1C13271165086FB639F27A804BE966A1B78CBE0F984625BB5D4B7F5DF7AC8418300
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140012AE4, Relevance: 10.6, APIs: 7, Instructions: 137COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$ByteCharErrorLastMultiWide
                                    • String ID:
                                    • API String ID: 3895584640-0
                                    • Opcode ID: 1d71e13bd14614d4de2fb52c70f6ba274c47ad1257b8a4ee9662a6b11a3a5ec2
                                    • Instruction ID: 615474333ea08e39459046ae6654d41c06be99255e903a0f065c17cb135a9cbe
                                    • Opcode Fuzzy Hash: 1d71e13bd14614d4de2fb52c70f6ba274c47ad1257b8a4ee9662a6b11a3a5ec2
                                    • Instruction Fuzzy Hash: 3B51D67260C6C08AE7729F66E4917EEB790E3897D0F188115F7894BAE5CB39C4A18B05
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140008930, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 66serviceCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Service$_vfwprintf_p$CloseErrorFormatHandleLastMessageOpenStartfree
                                    • String ID: Error opening the service %s: %s$Error starting the service %s: %s
                                    • API String ID: 2235298671-3899500212
                                    • Opcode ID: cce18e286fa5cf345f16dad8561af524f727fd948a6378445b368979e78bb370
                                    • Instruction ID: a561f683e68406cd49786204ca2d9274a884fe85301bf03e4db6ba682362c9ba
                                    • Opcode Fuzzy Hash: cce18e286fa5cf345f16dad8561af524f727fd948a6378445b368979e78bb370
                                    • Instruction Fuzzy Hash: 8E21C57131594041EA12EB67F8593EA6360BB8EBE0F440625BF5E877F6EE38C5428301
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140009560, Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • RtlCaptureContext.KERNEL32(?,?,?,?,?,?,00000000,0000000140006849), ref: 0000000140009595
                                    • RtlLookupFunctionEntry.KERNEL32(?,?,?,?,?,?,00000000,0000000140006849), ref: 00000001400095AD
                                    • RtlVirtualUnwind.KERNEL32 ref: 00000001400095E4
                                    • SetUnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000,0000000140006849), ref: 000000014000964B
                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000,0000000140006849), ref: 0000000140009658
                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00000000,0000000140006849), ref: 000000014000965E
                                    • TerminateProcess.KERNEL32(?,?,?,?,?,?,00000000,0000000140006849), ref: 000000014000966C
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtual
                                    • String ID:
                                    • API String ID: 3266983031-0
                                    • Opcode ID: b16dfc79ce4f8f2f4e423bfb2d2b1d4c9517ffd7a0b85279cd8dc0f65418f0f7
                                    • Instruction ID: b3a2cd5d512ab16034bb13f0f73ea8928c2d9f442581186f5a94e4410517ac5a
                                    • Opcode Fuzzy Hash: b16dfc79ce4f8f2f4e423bfb2d2b1d4c9517ffd7a0b85279cd8dc0f65418f0f7
                                    • Instruction Fuzzy Hash: E1311271204A0192EB028B66F85439A67A0FB8CBD4F50011AFB8A17B74DF38C985CB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000B290, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 136COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno
                                    • String ID: WDREG utility v10.21. Build Aug 31 2010 14:21:54
                                    • API String ID: 2918714741-2635416921
                                    • Opcode ID: 4a9758924b2d97ead5d3ed8e5fc96bce222a81440e64a55925649b6c5bc35258
                                    • Instruction ID: e77428fe47c2ea632fd0c51cbbf305b98450a63d1e760ca58980afe8cc97a832
                                    • Opcode Fuzzy Hash: 4a9758924b2d97ead5d3ed8e5fc96bce222a81440e64a55925649b6c5bc35258
                                    • Instruction Fuzzy Hash: 0E4125B271829441EB2ADB3779817EE26916B89BD8F104215FF194BBF2CF7CC9068701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140006260, Relevance: 6.5, APIs: 5, Instructions: 225COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 000000014000983C: _FF_MSGBANNER.LIBCMT ref: 000000014000986C
                                      • Part of subcall function 000000014000983C: RtlAllocateHeap.NTDLL(?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3,?,?,00000000,000000014000ADE8), ref: 0000000140009891
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098B5
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098C0
                                    • free.LIBCMT ref: 000000014000636A
                                    • free.LIBCMT ref: 0000000140006393
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errnofree$AllocateHeap
                                    • String ID:
                                    • API String ID: 2676329746-0
                                    • Opcode ID: b27dca0d590e3f74f49723f18b808315419945a8c72af04aa356cfd7a22b0493
                                    • Instruction ID: ecefc7ef20bb53fac18c2d68ae5f536a674826a75f8e49086a74cb1a8a4be004
                                    • Opcode Fuzzy Hash: b27dca0d590e3f74f49723f18b808315419945a8c72af04aa356cfd7a22b0493
                                    • Instruction Fuzzy Hash: 2481C5B1205B9049FF5ADE36B4103A96A91BB09FE8F488214FF6A277E6DB38C541C350
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140013884, Relevance: 6.2, APIs: 4, Instructions: 219COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$_isindst$_lock
                                    • String ID:
                                    • API String ID: 98040322-0
                                    • Opcode ID: e2c45c44948870b7983f746b58ecc3285dcb9489fd8ead9d51c5624f4f17a499
                                    • Instruction ID: 1d41d949abd4de73b61cf30aa70963cdd3baa74eae6ceed3264606715021df2e
                                    • Opcode Fuzzy Hash: e2c45c44948870b7983f746b58ecc3285dcb9489fd8ead9d51c5624f4f17a499
                                    • Instruction Fuzzy Hash: EA81E5B271535483EF299F2AE4517DD77A1E398BC0F148026FB898FBA9DB39C5018B40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140006040, Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 81COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 000000014000983C: _FF_MSGBANNER.LIBCMT ref: 000000014000986C
                                      • Part of subcall function 000000014000983C: RtlAllocateHeap.NTDLL(?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3,?,?,00000000,000000014000ADE8), ref: 0000000140009891
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098B5
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098C0
                                    • free.LIBCMT ref: 000000014000609B
                                      • Part of subcall function 0000000140009750: HeapFree.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009766
                                      • Part of subcall function 0000000140009750: _errno.LIBCMT ref: 0000000140009770
                                      • Part of subcall function 0000000140009750: GetLastError.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009778
                                    • free.LIBCMT ref: 000000014000610A
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$Heapfree$AllocateErrorFreeLast
                                    • String ID: setupapi.dll
                                    • API String ID: 3377555370-3506073724
                                    • Opcode ID: cce90638379c265f087668ce1ce8c57507b3aa88ad2f64a44dc3cf13b1f9fe58
                                    • Instruction ID: 9ebf555bf6ce27b3aa3535a5294b8dfb5597442051b642f572cbe1c49163efd4
                                    • Opcode Fuzzy Hash: cce90638379c265f087668ce1ce8c57507b3aa88ad2f64a44dc3cf13b1f9fe58
                                    • Instruction Fuzzy Hash: 8831B7B220578486EE26DF27F4403AAB7A1E749BD4F188115EBAE177A6DF3DD441C340
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400019F0, Relevance: 4.5, APIs: 3, Instructions: 40windowCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free$ErrorFormatFreeLastLocalMessage
                                    • String ID:
                                    • API String ID: 3053142517-0
                                    • Opcode ID: e10ebce59d1e51d989bc97c2b5f28da042bb8a162b62ed2e79e2750dc5cc99c5
                                    • Instruction ID: 60ee8e5114d0ae6b0102ab50d0d287545f9bfb8254b380285f765d6e4fac7554
                                    • Opcode Fuzzy Hash: e10ebce59d1e51d989bc97c2b5f28da042bb8a162b62ed2e79e2750dc5cc99c5
                                    • Instruction Fuzzy Hash: 191139B220864182EB21DB26F4543DA6760F7CABE4F545220FB9A476F8DF7DC149CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140006160, Relevance: 1.3, APIs: 1, Instructions: 75COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free
                                    • String ID:
                                    • API String ID: 1294909896-0
                                    • Opcode ID: c40b88632e077709a8598b5a561063931c3477e33bd77a51184d12666e0194fd
                                    • Instruction ID: 620a6feb18a47c31cd2e6ecaab57b8264a1a90b53e8a08a41013dc54f1464c54
                                    • Opcode Fuzzy Hash: c40b88632e077709a8598b5a561063931c3477e33bd77a51184d12666e0194fd
                                    • Instruction Fuzzy Hash: 3321C1B120468085EB55DF76A0003A9B6A1F749BF4F18872AEF79577DACB38C8508340
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400143C0, Relevance: 53.8, APIs: 43, Instructions: 94COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free$ErrorFreeHeapLast_errno
                                    • String ID:
                                    • API String ID: 1012874770-0
                                    • Opcode ID: 61bb5ec95e5b0476da9386a578fb04bafdbd0a29d01f3f9c6de28f41b23cc97a
                                    • Instruction ID: ce92ac608318ba65dba1067852b8984c85452e586481a30bde8a078c3d8206d1
                                    • Opcode Fuzzy Hash: 61bb5ec95e5b0476da9386a578fb04bafdbd0a29d01f3f9c6de28f41b23cc97a
                                    • Instruction Fuzzy Hash: 974164B722594481EB96FF77D8523ED1322AB88B84F054131BB5D5B6B7CFA0C855C390
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140013E54, Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 140libraryloaderCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • LoadLibraryW.KERNEL32(?,?,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000000,00000000,000000014000D0DB,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170), ref: 0000000140013E9E
                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000000,00000000,000000014000D0DB,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170), ref: 0000000140013EBD
                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000000,00000000,000000014000D0DB,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170), ref: 0000000140013EE1
                                    • EncodePointer.KERNEL32(?,?,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000000,00000000,000000014000D0DB,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170), ref: 0000000140013EEA
                                    • GetProcAddress.KERNEL32(?,?,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000000,00000000,000000014000D0DB,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170), ref: 0000000140013F00
                                    • EncodePointer.KERNEL32(?,?,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000000,00000000,000000014000D0DB,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170), ref: 0000000140013F09
                                    • GetProcAddress.KERNEL32 ref: 0000000140013F4E
                                    • EncodePointer.KERNEL32 ref: 0000000140013F57
                                    • GetProcAddress.KERNEL32 ref: 0000000140013F72
                                    • EncodePointer.KERNEL32 ref: 0000000140013F7B
                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000000,00000000,000000014000D0DB,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170), ref: 0000000140013FA0
                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000000,00000000,000000014000D0DB,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170), ref: 0000000140013FB6
                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000000,00000000,000000014000D0DB,?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170), ref: 0000000140014054
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Pointer$AddressProc$Encode$Decode$LibraryLoad
                                    • String ID: GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationA$MessageBoxA$USER32.DLL$WDREG utility v10.21. Build Aug 31 2010 14:21:54
                                    • API String ID: 3623393973-124041944
                                    • Opcode ID: 91b0c4301fc8aba1c7dec3c213963a6a0080423ef4f6f4110be3a89941408abc
                                    • Instruction ID: 2fa111fd58935b4900f4d9c91521c7e4e5224fbd3a99c37ae05310a688022f3a
                                    • Opcode Fuzzy Hash: 91b0c4301fc8aba1c7dec3c213963a6a0080423ef4f6f4110be3a89941408abc
                                    • Instruction Fuzzy Hash: 28516A31615B4085FB67EB63B8517E932A0AB8CBC4F44412ABF4E4BBB5EF3AC5458701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140014D28, Relevance: 30.5, APIs: 20, Instructions: 466COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: __doserrno_errno
                                    • String ID:
                                    • API String ID: 921712934-0
                                    • Opcode ID: c2c0054a8ad2058c356eb153cd1fa1fc09dc9c5e2a647fe305a0dab17ce13ae8
                                    • Instruction ID: 8912c05bdd6d3caf4f9d8577924ed03ef78a095f34e6d81d488f54b09300de28
                                    • Opcode Fuzzy Hash: c2c0054a8ad2058c356eb153cd1fa1fc09dc9c5e2a647fe305a0dab17ce13ae8
                                    • Instruction Fuzzy Hash: A8222472208680C6EB63AB56E4843ED2B91F3897D5F588216FB5A0F7F1C77AC545C702
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400044A0, Relevance: 24.8, APIs: 7, Strings: 7, Instructions: 292COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free$DirectoryErrorFileFormatLastListMessageSetupWindows
                                    • String ID: %sINF cannot get a list of INF files: %s$%sINF copy %%WINDIR%%\%s cannot be deleted: %s$%sINF error getting windows directory: %s$%sINF failed allocating %ld bytes$%sWarning: INF copy for %s not found => not deleted.$PNF$\INF\
                                    • API String ID: 1309968152-3763761631
                                    • Opcode ID: 223b5a62969b1ddfee700ab58baa609cb056ecbddf722dc20ea34d884b39e094
                                    • Instruction ID: 104eb2e7af4952619592d9946d06e097be343c993b334fe1874ef6abbb18d839
                                    • Opcode Fuzzy Hash: 223b5a62969b1ddfee700ab58baa609cb056ecbddf722dc20ea34d884b39e094
                                    • Instruction Fuzzy Hash: 1AC150B132594062EA12FB66F8953DB6350FB9A7C0F801626B74E876F7EE38C944C741
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014001151C, Relevance: 21.2, APIs: 2, Strings: 10, Instructions: 199COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno_wsopen_s
                                    • String ID: $ $ $UNICODE$UTF-16LE$UTF-8$a$ccs=$r$w
                                    • API String ID: 1497100469-859952999
                                    • Opcode ID: ab8e1f3144eafa6bdebc931d3220a61593101837723350bcc198c8cc03afad1d
                                    • Instruction ID: 70ac62ac1a00ea49ab7d282771181d099848c8f90332ba79514adf3d3167432e
                                    • Opcode Fuzzy Hash: ab8e1f3144eafa6bdebc931d3220a61593101837723350bcc198c8cc03afad1d
                                    • Instruction Fuzzy Hash: A771EDB2A1824085FB7F8A27BA047E92AD26BDD7C4F494514FF471BAF7D23BC9408201
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140008A70, Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 99serviceCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: ErrorLast_vfwprintf_p$FormatMessageOpenServicefree
                                    • String ID: Sending stop request to service: %s$Cannot open service: %s$Cannot stop service: %s$Nothing to stop: service %s does not exist$Nothing to stop: service %s is not active$WINDRVR6$windrvr6
                                    • API String ID: 276576194-3827881508
                                    • Opcode ID: ecc82703720090130841b4a193fc5584d0027bfeeb96c0829c81ec89b0afe73d
                                    • Instruction ID: 50c3c5d5882553cf8260af0073220f0b1333dedf6ba851b5f183c9398f71f882
                                    • Opcode Fuzzy Hash: ecc82703720090130841b4a193fc5584d0027bfeeb96c0829c81ec89b0afe73d
                                    • Instruction Fuzzy Hash: 364181B1304A0092EA22EB67F4953EA63A1B78E7C0F840225FB4E476F6EF39C545C701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000DF60, Relevance: 21.1, APIs: 14, Instructions: 90COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free$_lock$ErrorFreeHeapLast_errno
                                    • String ID:
                                    • API String ID: 1575098132-0
                                    • Opcode ID: b6cafeada19b211189294fe98c39286d674c572666597c6e2a195ebc60d93e6c
                                    • Instruction ID: 21051a7da49a9fdca6f7eee3f6b0781b7671cdd826901e5272a4180c9dece9b0
                                    • Opcode Fuzzy Hash: b6cafeada19b211189294fe98c39286d674c572666597c6e2a195ebc60d93e6c
                                    • Instruction Fuzzy Hash: 0231F0B631694144FE9BEFA7E1517F92351AF8CBC4F044526BB1E076E68F74C841C261
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140003FE0, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 157COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: DeviceInfoSetup$CreateList$DestroyErrorFormatLastMessagefree
                                    • String ID: $%sError calling class installer register: %s$%sError creating device info element: %s$%sError creating empty device info list: %s$%sError setting device hardware id property: hwid %s, error %lxMake sure that the system permits addition of new devices under "%s" class
                                    • API String ID: 129083322-2336943437
                                    • Opcode ID: 1aca9a46b458c5c510b112f579b5ac330d5672b56738ebddf6e519d7cba82b7e
                                    • Instruction ID: 9d1385793a54e290cfb69f2f4060f9fab3f5b465664a93a6ea30c6ed80235ee1
                                    • Opcode Fuzzy Hash: 1aca9a46b458c5c510b112f579b5ac330d5672b56738ebddf6e519d7cba82b7e
                                    • Instruction Fuzzy Hash: 8B516FB1314A4456EA12EB63F8543DA6291B78EBE4F840229FF5A977F6EE38C504C701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400042B0, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 114fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: File$CloseCreateHandleReadSize$ErrorLast
                                    • String ID: %sINF error opening file: %s$&
                                    • API String ID: 32646414-3564837584
                                    • Opcode ID: a54edadf774f9b67afe0e14cdf481a849a2303546a1cda033b107f0f46d6a981
                                    • Instruction ID: 89e7dfc2c5aa3051d27ef8dd0ec8fc552bfeaf261b3fe503db3c5d5912d1d3b2
                                    • Opcode Fuzzy Hash: a54edadf774f9b67afe0e14cdf481a849a2303546a1cda033b107f0f46d6a981
                                    • Instruction Fuzzy Hash: C841A9B5214A4086E762EB23B8443DA23A4B78E7E4F400325FF6A476F5DF78C649C705
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140008FF0, Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 103COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _vfwprintf_p$_getch
                                    • String ID: Please press 'R' to retry or 'C' to cancel...$C$CANCEL$R$RETRY$a+t$c$r
                                    • API String ID: 2682755570-3423389621
                                    • Opcode ID: a216e02194b4a26f5bd760e2c712eb59a6343baf21346415ebfd392d76693c42
                                    • Instruction ID: 6e2de046124259a455611d0ecf1b627146e019439fd89e490db88b08f8248f57
                                    • Opcode Fuzzy Hash: a216e02194b4a26f5bd760e2c712eb59a6343baf21346415ebfd392d76693c42
                                    • Instruction Fuzzy Hash: A831A3B230164199FA67D757B8517E62294AB4D3D5F88082ABF49472F6DF3DCAC2C301
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140002F40, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 90fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Setup$FileQueue$CallbackCloseDefaultOpenfree$CommitFilesFromInitInstallSectionTerm
                                    • String ID: %sFailed opening INF file %s line %d: %s$DriverInstall
                                    • API String ID: 2023082784-3555299665
                                    • Opcode ID: ee293acae7efa64e64381b1c436258f00d3a9a89c9d1e2d19d4d671906cffb5c
                                    • Instruction ID: c177bfc718d3bd7ec89a1aaf8c671a2d70d984153c942ff2be461fbec53e59b9
                                    • Opcode Fuzzy Hash: ee293acae7efa64e64381b1c436258f00d3a9a89c9d1e2d19d4d671906cffb5c
                                    • Instruction Fuzzy Hash: 3F4131B1214A40A2EA12EB22E8553DA77A0F78EBE0F844325FB5A477F5DF38C945C741
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140008E60, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 57libraryloaderCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _vfwprintf_p$AddressCurrentErrorHandleLastManagerModuleOpenProcProcess
                                    • String ID: Can't identify SysWow64, Error: 0x%x$Cannot open service control manager.Make sure you are running with Administrator privileges$Cannot run an x86 build of this utility on x64 platform.$IsWow64Process$kernel32
                                    • API String ID: 4030066227-1836098034
                                    • Opcode ID: e7f71ec26f27f28a1cbe0203cd21fd8691ba3c7240c8c7fc8826f974a2ba0a03
                                    • Instruction ID: 3b37c432c306563b592afbd80c6429daf7a5f10c97cd66ce131f06a0cc67fc9e
                                    • Opcode Fuzzy Hash: e7f71ec26f27f28a1cbe0203cd21fd8691ba3c7240c8c7fc8826f974a2ba0a03
                                    • Instruction Fuzzy Hash: 32117F71711A4186EF96DB67F8543E923A1EB8C7C0F481025BB4E8B6B9EF39C585C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000E17C, Relevance: 16.8, APIs: 11, Instructions: 263COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: ByteCharMultiStringWide
                                    • String ID:
                                    • API String ID: 2829165498-0
                                    • Opcode ID: 3c427df736d840c592fcc3e1ee847b816f4e7d61021ce69bf5ca0cf36495d5aa
                                    • Instruction ID: 2e1534e33a481ae3cb68d218cbf541959294b4db66e780ff0f1e978396b93817
                                    • Opcode Fuzzy Hash: 3c427df736d840c592fcc3e1ee847b816f4e7d61021ce69bf5ca0cf36495d5aa
                                    • Instruction Fuzzy Hash: 10B1B2B2204BC08AE762CF22A9403D977A5F7487E8F144624FB5967BE9EB78C541C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000F810, Relevance: 16.2, APIs: 4, Strings: 5, Instructions: 421COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: BlockUnwind$BaseEntryExceptionFunctionImageLookupRaiseThrow
                                    • String ID: bad exception$csm$csm$csm$csm
                                    • API String ID: 2128467468-506059908
                                    • Opcode ID: 3d0aee99186740652a1dd93cf70be66fef7f459a1cdd588e50105484a4ab96ba
                                    • Instruction ID: 620affbda0af06416c0f9cce251adc597f3b95d17cfbcc9627a2050ee3cccb31
                                    • Opcode Fuzzy Hash: 3d0aee99186740652a1dd93cf70be66fef7f459a1cdd588e50105484a4ab96ba
                                    • Instruction Fuzzy Hash: C602AFB220478086EA72DB27B4407EE77A4F749BC4F448126FB8947FA6DB38D551EB01
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140012870, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 89COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: __doserrno_errno
                                    • String ID: WDREG utility v10.21. Build Aug 31 2010 14:21:54
                                    • API String ID: 921712934-2635416921
                                    • Opcode ID: 4aff2e4107ae0715b2597e4d26cef1066704ebbe03631bdc50b827147a864641
                                    • Instruction ID: a3b68aae9362883327b916f1ed493f2973d662cb5fdaca21f98eaaf62b9e4bab
                                    • Opcode Fuzzy Hash: 4aff2e4107ae0715b2597e4d26cef1066704ebbe03631bdc50b827147a864641
                                    • Instruction Fuzzy Hash: 1531007222425082F313AF3BA841BDE7A91A7C87E0F554615FB690B7F2CB39C4128B50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140003800, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 154COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    • %sError changing the device status for device %s: %s, xrefs: 00000001400039CB
                                    • %sError getting the install parameters for device %s: %s, xrefs: 0000000140003A42
                                    • %sError setting the install parameters for device %s (SPECIFIC): %s, xrefs: 0000000140003962
                                    • %sError setting the install parameters for device %s (GLOBAL): %s, xrefs: 00000001400038CF
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: ClassInstallParamsSetup$ErrorFormatLastMessagefree
                                    • String ID: %sError changing the device status for device %s: %s$%sError getting the install parameters for device %s: %s$%sError setting the install parameters for device %s (GLOBAL): %s$%sError setting the install parameters for device %s (SPECIFIC): %s
                                    • API String ID: 1946844895-3296254695
                                    • Opcode ID: bf136bdba29f4a9421b81081caf2bd0af9ebd2fabcae69af794573165bae1e4a
                                    • Instruction ID: 3dbaeae9c7a2767fbda12a8e0e9fc8f4c408a6b3caeca0bf24ffd05da71eb472
                                    • Opcode Fuzzy Hash: bf136bdba29f4a9421b81081caf2bd0af9ebd2fabcae69af794573165bae1e4a
                                    • Instruction Fuzzy Hash: 8A6162B1215B4096EA52EF26F8513DA77A0F78A7C4F801229FB4E876B6DF38C544CB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140003560, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 128COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Setup$Class$CallDeviceErrorFormatInstallInstallerInstanceLastMessageParamsfree
                                    • String ID: %sError getting install params for removed device %s: %s$%sError removing device %s: %s$%sError setting install params for removing device: %s$%sRemoved %s
                                    • API String ID: 3006532288-1296256300
                                    • Opcode ID: 6a0f60a1f610a52d77322cb864601ac22673da5f068c8484270f1797eadf7189
                                    • Instruction ID: 79559821be0d00c68e88bcbb50a9edebbc35735297e05c9919a6553f1884c741
                                    • Opcode Fuzzy Hash: 6a0f60a1f610a52d77322cb864601ac22673da5f068c8484270f1797eadf7189
                                    • Instruction Fuzzy Hash: 04514EB1215B45A6EA52EB16F8503DA73A0F78D7C4F80562AF74E476B5EF38C908C740
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140010FB4, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 60COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • _FF_MSGBANNER.LIBCMT ref: 0000000140010FDB
                                      • Part of subcall function 000000014000CF44: GetModuleFileNameA.KERNEL32(?,?,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,000000014000D170,?,?,?,?,0000000140009871,?,?,00000000,0000000140011015), ref: 000000014000D006
                                      • Part of subcall function 000000014000CBE8: ExitProcess.KERNEL32 ref: 000000014000CBF7
                                      • Part of subcall function 000000014000983C: _FF_MSGBANNER.LIBCMT ref: 000000014000986C
                                      • Part of subcall function 000000014000983C: RtlAllocateHeap.NTDLL(?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3,?,?,00000000,000000014000ADE8), ref: 0000000140009891
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098B5
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098C0
                                    • _errno.LIBCMT ref: 000000014001101D
                                    • _lock.LIBCMT ref: 0000000140011031
                                    • free.LIBCMT ref: 0000000140011053
                                    • _errno.LIBCMT ref: 0000000140011058
                                    • LeaveCriticalSection.KERNEL32(?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3,?,?,00000000,000000014000ADE8,?,?,?,?,000000014000B32D), ref: 000000014001107E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$AllocateCriticalExitFileHeapLeaveModuleNameProcessSection_lockfree
                                    • String ID: WDREG utility v10.21. Build Aug 31 2010 14:21:54
                                    • API String ID: 1070137386-2635416921
                                    • Opcode ID: 180c5ca275ab55732a50461783afcee12dc7c0373e5a93fb8f602e98fe47b1fe
                                    • Instruction ID: bea34cd65b75c2a39c37b0b43ae93f27b48952d1f42a9c13ae488ed730229829
                                    • Opcode Fuzzy Hash: 180c5ca275ab55732a50461783afcee12dc7c0373e5a93fb8f602e98fe47b1fe
                                    • Instruction Fuzzy Hash: E0218E75A1568082F6ABAB13E4457EA6294A78DBC4F044434FB4A4B6E7CFBAC8808750
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140007F80, Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 54libraryloaderCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: AddressCurrentErrorHandleLastModuleProcProcess
                                    • String ID: Can't identify SysWow64, Error: 0x%x$Cannot run an x86 build of this utility on x64 platform.$IsWow64Process$kernel32
                                    • API String ID: 896058289-3496699341
                                    • Opcode ID: 424eaad0caa0c7d756c43f1e370194a857ceecdcfeaf463d9b98d930aa177c4d
                                    • Instruction ID: 43a23b157323f5f0ddd518736c70e927498f3a05dceabc3dd1fd631a4ad8895d
                                    • Opcode Fuzzy Hash: 424eaad0caa0c7d756c43f1e370194a857ceecdcfeaf463d9b98d930aa177c4d
                                    • Instruction Fuzzy Hash: EB11517171560286EB46DB6BF8947E95390EB8C7C4F881035BB0E877B4DE39C889C704
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000D9F0, Relevance: 13.8, APIs: 11, Instructions: 90COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free$ErrorFreeHeapLast_errno
                                    • String ID:
                                    • API String ID: 1012874770-0
                                    • Opcode ID: 6dff679a752d613d0e4d2cda2d56002de2255f18e8177ecb06650a4c2e7d5b05
                                    • Instruction ID: a1fef226496f7fd0e4d8d5a777510f98dd59e118bfcb7fda40ab7807a21887d1
                                    • Opcode Fuzzy Hash: 6dff679a752d613d0e4d2cda2d56002de2255f18e8177ecb06650a4c2e7d5b05
                                    • Instruction Fuzzy Hash: B341FB72616A8084EF96DF63E4513E933A1EB8CBD4F190436AB0D4B6B5CF78C881C761
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014001138C, Relevance: 13.6, APIs: 9, Instructions: 85COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: __doserrno_errno
                                    • String ID:
                                    • API String ID: 921712934-0
                                    • Opcode ID: c546e78d02e7009339f4347a447611a94e8224a9fe007967290c3efe5e1f484a
                                    • Instruction ID: 17195e9e9d2aa81f2dc8d8c69dbb6179c603890010c4cb59ef3c7c4fb5de8154
                                    • Opcode Fuzzy Hash: c546e78d02e7009339f4347a447611a94e8224a9fe007967290c3efe5e1f484a
                                    • Instruction Fuzzy Hash: 9831C27261864487F71BAF63B8417DE2661ABC8BE1F558515FB060B7E3CB7AC8018B10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140017200, Relevance: 12.2, APIs: 8, Instructions: 250COMMON
                                    Download Yara Rule
                                    APIs
                                    • GetCPInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001400175AE), ref: 00000001400172F3
                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001400175AE), ref: 0000000140017372
                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001400175AE), ref: 000000014001741A
                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001400175AE), ref: 0000000140017440
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: ByteCharMultiWide$Info
                                    • String ID:
                                    • API String ID: 1775632426-0
                                    • Opcode ID: 347fb8b280ffd273d92e572b9c17d8cf9116591f9a3b7569aa2840028b8d11b6
                                    • Instruction ID: f2a9c4c121b0679958cd5eefb8b94754d1e6318cef57a427522da5425788b34b
                                    • Opcode Fuzzy Hash: 347fb8b280ffd273d92e572b9c17d8cf9116591f9a3b7569aa2840028b8d11b6
                                    • Instruction Fuzzy Hash: F1A1E27260468086EB329F669440BDD3BE2F3497E4F584626FB6D4B7E5CB7AC985C300
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140012050, Relevance: 12.1, APIs: 8, Instructions: 89COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: __doserrno_errno
                                    • String ID:
                                    • API String ID: 921712934-0
                                    • Opcode ID: 71b44924f26463168ec8386fca0fbb1cfa5e766ee74934f50f7e41f77b9798cc
                                    • Instruction ID: 4fe2047c34e0b2c09f36a5265af89a3740ade97c3490332ae0690486893d2eb0
                                    • Opcode Fuzzy Hash: 71b44924f26463168ec8386fca0fbb1cfa5e766ee74934f50f7e41f77b9798cc
                                    • Instruction Fuzzy Hash: 2531AD7621429082E717AF27A841B9E7A52A7C87F4F554715FF390B7F2CB3984128B50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140015458, Relevance: 10.6, APIs: 7, Instructions: 79COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno
                                    • String ID:
                                    • API String ID: 2918714741-0
                                    • Opcode ID: 2878039a58fd44fbe47c4421dc1eb28e098f2e18bc2897f3cea21c93d14a99cf
                                    • Instruction ID: e75bd40d16295c81bd2de659de0bbce65d9d7a65c9977e654ac0416999310ff5
                                    • Opcode Fuzzy Hash: 2878039a58fd44fbe47c4421dc1eb28e098f2e18bc2897f3cea21c93d14a99cf
                                    • Instruction Fuzzy Hash: AE31D272624A4086F727AF77A4A57EE2A53A7883E5F554318FB190F2F2CF79C4018704
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400101D0, Relevance: 10.6, APIs: 7, Instructions: 61COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$ErrorLast$AllocateHeapfree
                                    • String ID:
                                    • API String ID: 3707629261-0
                                    • Opcode ID: 0a3c62ae9000e1eec61882b7818730d343163648725383137621b962153e50a5
                                    • Instruction ID: be21532df955663d7b376f76377270e0dfcd3a73575f7376043bc0522819edba
                                    • Opcode Fuzzy Hash: 0a3c62ae9000e1eec61882b7818730d343163648725383137621b962153e50a5
                                    • Instruction Fuzzy Hash: C5216D7460465589FE57AB67A9083E962906B8DBE0F048630FF6A8B3F6EE7DC4408201
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140011ED0, Relevance: 9.1, APIs: 6, Instructions: 64COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: EnvironmentStrings$ByteCharFreeMultiWide$free
                                    • String ID:
                                    • API String ID: 517548149-0
                                    • Opcode ID: cd703fe02d3b77f41eef4abf89300f5c94175d5d3b3ab6f68ce391cbfd0d1cd7
                                    • Instruction ID: 317710b4b4a5e62cfda200c59fbd7acbeac38072ebb7106234d08b3f3d43ceac
                                    • Opcode Fuzzy Hash: cd703fe02d3b77f41eef4abf89300f5c94175d5d3b3ab6f68ce391cbfd0d1cd7
                                    • Instruction Fuzzy Hash: 32213072A1874486EB659F23A4443EAB3E1E78CBD4F084128FF4A4BBA9DF7DC5458701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140005060, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 105COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: FreeLibrary$free
                                    • String ID: %sWarning: the device (hwid:%s) is not installed.
                                    • API String ID: 573304979-868816708
                                    • Opcode ID: 0752e291d6d97c80f33d7d3746c8451b54fe438555d917b3651bc1203eb857da
                                    • Instruction ID: ad03dc3503df973693368e03e8f1c98543e0afc937e779a0eed222d75e8a786b
                                    • Opcode Fuzzy Hash: 0752e291d6d97c80f33d7d3746c8451b54fe438555d917b3651bc1203eb857da
                                    • Instruction Fuzzy Hash: F24115B1200B4496FB22EB22F8457EA76A4B78EBC1F544229FB49476B5DB38C885C701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000B028, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno_flush_freebuf
                                    • String ID: WDREG utility v10.21. Build Aug 31 2010 14:21:54
                                    • API String ID: 3308817952-2635416921
                                    • Opcode ID: 109d82df2f4a185f60228bc1970696ead0efcf51bf2b188ae06f11876b4e32dd
                                    • Instruction ID: 87bd5f5c2f9a2fdff9c50a40b55391b1645b1d12d2337df5546ae19edf4da0e2
                                    • Opcode Fuzzy Hash: 109d82df2f4a185f60228bc1970696ead0efcf51bf2b188ae06f11876b4e32dd
                                    • Instruction Fuzzy Hash: E501D4B271464442FF1ADB77A8913EE12516B9C7E8F280720BB69871F7DE79C4018640
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400145F4, Relevance: 8.8, APIs: 7, Instructions: 36COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free$ErrorFreeHeapLast_errno
                                    • String ID:
                                    • API String ID: 1012874770-0
                                    • Opcode ID: 408979f8b5b7c8d0f59e99f48d2e469553aa4f58c2162d5905de57d7e72d9096
                                    • Instruction ID: 8b86d8e25997e25deec471cda33d2e1a6020a72c5cab9ca40f4f2c7c578f9a6e
                                    • Opcode Fuzzy Hash: 408979f8b5b7c8d0f59e99f48d2e469553aa4f58c2162d5905de57d7e72d9096
                                    • Instruction Fuzzy Hash: 3D01A577214C1091EB97EF63E4A23E52361AB9DBC8F450006B71E8B5B2CFB5DC81C662
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000C690, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: CaptureContextDebugEntryFunctionLookupOutputStringUnwindVirtual
                                    • String ID: Invalid parameter passed to C runtime function.
                                    • API String ID: 711593133-455672764
                                    • Opcode ID: fba6de40861da115f1c04894ec3ec0be6a6ebc63674aacdc0d3d2cf73daa974e
                                    • Instruction ID: 82fd7cecd8f46148595259a6521b7875afb33d05cc2f85b8e7e115800f438138
                                    • Opcode Fuzzy Hash: fba6de40861da115f1c04894ec3ec0be6a6ebc63674aacdc0d3d2cf73daa974e
                                    • Instruction Fuzzy Hash: 1401ED76229F8192DA658B15F8947DAB370F788795F540125EB8E07B68DF3DC298CB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140015B80, Relevance: 7.6, APIs: 5, Instructions: 141COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 0000000140010FB4: _FF_MSGBANNER.LIBCMT ref: 0000000140010FDB
                                    • _lock.LIBCMT ref: 0000000140015BBE
                                    • _lock.LIBCMT ref: 0000000140015C17
                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,?,?,00000000,00000000,00000109,000000014001600C), ref: 0000000140015C2C
                                    • EnterCriticalSection.KERNEL32(?,?,?,?,00000000,00000000,00000109,000000014001600C), ref: 0000000140015C57
                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,00000000,00000000,00000109,000000014001600C), ref: 0000000140015C67
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: CriticalSection$_lock$CountEnterInitializeLeaveSpin
                                    • String ID:
                                    • API String ID: 3451527041-0
                                    • Opcode ID: d76fbb7d49dac2cdf19b2e8729a3c439521dbc716ce71c0e2bb3ea0bb895ffb3
                                    • Instruction ID: f9beca4007352568cda71f2847d15fb79d5b56808c0269d7c25ae36bffa41d9d
                                    • Opcode Fuzzy Hash: d76fbb7d49dac2cdf19b2e8729a3c439521dbc716ce71c0e2bb3ea0bb895ffb3
                                    • Instruction Fuzzy Hash: 5E51E172204780C6EB62AF12E48439976D4F798BE9F584219FB6A0F7F5DB79C400CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000D7AC, Relevance: 7.6, APIs: 5, Instructions: 122COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 000000014000D4D0: GetOEMCP.KERNEL32(?,?,?,?,?,?,?,000000014000D7E6,?,?,?,?,?,000000014000D9DF), ref: 000000014000D4FA
                                      • Part of subcall function 000000014000983C: _FF_MSGBANNER.LIBCMT ref: 000000014000986C
                                      • Part of subcall function 000000014000983C: RtlAllocateHeap.NTDLL(?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3,?,?,00000000,000000014000ADE8), ref: 0000000140009891
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098B5
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098C0
                                    • free.LIBCMT ref: 000000014000D857
                                      • Part of subcall function 0000000140009750: HeapFree.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009766
                                      • Part of subcall function 0000000140009750: _errno.LIBCMT ref: 0000000140009770
                                      • Part of subcall function 0000000140009750: GetLastError.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009778
                                    • _lock.LIBCMT ref: 000000014000D88F
                                    • free.LIBCMT ref: 000000014000D942
                                    • free.LIBCMT ref: 000000014000D972
                                    • _errno.LIBCMT ref: 000000014000D977
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$free$Heap$AllocateErrorFreeLast_lock
                                    • String ID:
                                    • API String ID: 113673271-0
                                    • Opcode ID: 9e55f04690e587e132355659b42bc2101b1e3bb94dbeb9ae6b40c0a3f85c3eff
                                    • Instruction ID: 9705c69ee205b1f18023ee77f3a0fd828612471e52920a23c1953d9babc9f389
                                    • Opcode Fuzzy Hash: 9e55f04690e587e132355659b42bc2101b1e3bb94dbeb9ae6b40c0a3f85c3eff
                                    • Instruction Fuzzy Hash: B9518FB260464096E756DB66B4403E9B7A1F78CBE8F148617FB9A473F6CB78C841C720
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400148EC, Relevance: 7.6, APIs: 5, Instructions: 85memorythreadCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Virtual$AllocGuaranteeInfoProtectQueryStackSystemThread
                                    • String ID:
                                    • API String ID: 513674450-0
                                    • Opcode ID: 9a37226d1ae2109e08393391b80ed4ffd8c0b5500a3d92a962a6e023de907d79
                                    • Instruction ID: 8f89bc0395ef90eb72051618c5612675aaee5714b32c9879ecdb283ed5235332
                                    • Opcode Fuzzy Hash: 9a37226d1ae2109e08393391b80ed4ffd8c0b5500a3d92a962a6e023de907d79
                                    • Instruction Fuzzy Hash: F7312132310A959AEB15CF36D8547D937A5F70CBC8F444125EB4A8BB68DF3AD585C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000B14C, Relevance: 7.6, APIs: 5, Instructions: 83COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno
                                    • String ID:
                                    • API String ID: 2918714741-0
                                    • Opcode ID: 1e308cdc133ef77ae88deeab30a85e624ec471c87e9b7588444c6f530c5a44b2
                                    • Instruction ID: fd8484b1c71169b29c70f56d321086e1a323c9f2b88d445cabac76b0b51ab20c
                                    • Opcode Fuzzy Hash: 1e308cdc133ef77ae88deeab30a85e624ec471c87e9b7588444c6f530c5a44b2
                                    • Instruction Fuzzy Hash: F0316FB162868585F767DB73B8117DF66D2A78C7C0F445824BB4987BA6DF3CC5018704
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000E2E5, Relevance: 7.6, APIs: 5, Instructions: 80COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 00000001400148EC: VirtualQuery.KERNEL32 ref: 000000014001493E
                                      • Part of subcall function 00000001400148EC: GetSystemInfo.KERNEL32 ref: 0000000140014955
                                      • Part of subcall function 00000001400148EC: SetThreadStackGuarantee.KERNEL32 ref: 0000000140014967
                                      • Part of subcall function 00000001400148EC: VirtualAlloc.KERNEL32 ref: 00000001400149C6
                                      • Part of subcall function 00000001400148EC: VirtualProtect.KERNEL32 ref: 00000001400149E1
                                    • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 000000014000E351
                                    • LCMapStringW.KERNEL32 ref: 000000014000E380
                                    • LCMapStringW.KERNEL32 ref: 000000014000E3D2
                                    • free.LIBCMT ref: 000000014000E543
                                    • free.LIBCMT ref: 000000014000E569
                                      • Part of subcall function 000000014000983C: _FF_MSGBANNER.LIBCMT ref: 000000014000986C
                                      • Part of subcall function 000000014000983C: RtlAllocateHeap.NTDLL(?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3,?,?,00000000,000000014000ADE8), ref: 0000000140009891
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098B5
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098C0
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: Virtual$String_errnofree$AllocAllocateByteCharGuaranteeHeapInfoMultiProtectQueryStackSystemThreadWide
                                    • String ID:
                                    • API String ID: 1525220363-0
                                    • Opcode ID: 1dfa270e5d32c50f9cce3cc23f84553c6021e4b41416567b0afaf45280e09c4b
                                    • Instruction ID: 4afb7f39bbe1d8394641f5e776db1f9335c51abe5127e7999440013ac06f0117
                                    • Opcode Fuzzy Hash: 1dfa270e5d32c50f9cce3cc23f84553c6021e4b41416567b0afaf45280e09c4b
                                    • Instruction Fuzzy Hash: 3C31E0B2205AD08AE776CF22B8143E93794F74CBDDF044515EB495BBA9DB78CA45C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140017FEC, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: __initconin
                                    • String ID:
                                    • API String ID: 2454263311-0
                                    • Opcode ID: 8ea2f48b58982aa8f2e77d3c6d316cb4ec0c96a5bddc10fe7d727daa511d0386
                                    • Instruction ID: 424d200f524c61c9f14beececb506c78d81cfde6e4cc20f15245e4a8591defb4
                                    • Opcode Fuzzy Hash: 8ea2f48b58982aa8f2e77d3c6d316cb4ec0c96a5bddc10fe7d727daa511d0386
                                    • Instruction Fuzzy Hash: 3C213931205644A5EAB38B2398443E977A5A78C7F4F044315FB794B6F4CB7ECA89CB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400094A8, Relevance: 7.5, APIs: 5, Instructions: 38timethreadCOMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                    • String ID:
                                    • API String ID: 1445889803-0
                                    • Opcode ID: 6fea42819a48a4afed4881e4c4ebd40d5e96c9dc089622f556ea15030f538073
                                    • Instruction ID: 889b0898505c66962ad5007b5b7a6c1e2f7b46554a74397a27634bad1ed8c079
                                    • Opcode Fuzzy Hash: 6fea42819a48a4afed4881e4c4ebd40d5e96c9dc089622f556ea15030f538073
                                    • Instruction Fuzzy Hash: A3014875215A4092EB52CB22F9843D563A1FB5CBE1F486A25FF5B477B8DA39C984C300
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000DEC0, Relevance: 7.5, APIs: 5, Instructions: 35COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetLastError.KERNEL32(?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54), ref: 000000014000DECA
                                    • FlsGetValue.KERNEL32(?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54), ref: 000000014000DED8
                                    • SetLastError.KERNEL32(?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54), ref: 000000014000DF28
                                      • Part of subcall function 0000000140014868: Sleep.KERNEL32(?,?,00000000,000000014000DEF3,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 00000001400148AD
                                    • FlsSetValue.KERNEL32(?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54), ref: 000000014000DF04
                                    • free.LIBCMT ref: 000000014000DF1F
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: ErrorLastValue$Sleep_lockfree
                                    • String ID:
                                    • API String ID: 1332947546-0
                                    • Opcode ID: 48fd035c66babdcfb002b4d8fea031f47c25062933fe344d85db37b371e60b51
                                    • Instruction ID: 35ae319c95b5a31ab139bfe7c834d1ab7035644d0f446119c500e6895c171341
                                    • Opcode Fuzzy Hash: 48fd035c66babdcfb002b4d8fea031f47c25062933fe344d85db37b371e60b51
                                    • Instruction Fuzzy Hash: 3A01867160160282FB469B63F4483F87251AB8C7E0F098239BF2A473F5DE38C845C211
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140009150, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _vfwprintf_p
                                    • String ID: Error: $a+t
                                    • API String ID: 1894331995-2972717919
                                    • Opcode ID: cd34162ea68bcc908baac85706e9479d7928e0efcfed15d2710de2d9d6d8d31c
                                    • Instruction ID: ab7e97eb591ee9c64244b2a810b8db6d3799e83e84d51186beab3b5e15d3fa26
                                    • Opcode Fuzzy Hash: cd34162ea68bcc908baac85706e9479d7928e0efcfed15d2710de2d9d6d8d31c
                                    • Instruction Fuzzy Hash: A11179B130074191FA16EB47BD503E9A2A5AB8C7C0F48453ABF49476B6DF3CC9818300
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000CBAC, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    • GetModuleHandleW.KERNEL32(?,?,000000FF,000000014000CBF5,?,?,00000028,0000000140009885,?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3), ref: 000000014000CBBB
                                    • GetProcAddress.KERNEL32(?,?,000000FF,000000014000CBF5,?,?,00000028,0000000140009885,?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3), ref: 000000014000CBD0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: AddressHandleModuleProc
                                    • String ID: CorExitProcess$mscoree.dll
                                    • API String ID: 1646373207-1276376045
                                    • Opcode ID: 5092da99a59b7a4caae6aa57a066b0d28cd21f24837f911f9443660e9964c853
                                    • Instruction ID: 956d50b35615d0a01cf6c36785494f7403b12cb2c2ebc25cd683b26665dc4f0e
                                    • Opcode Fuzzy Hash: 5092da99a59b7a4caae6aa57a066b0d28cd21f24837f911f9443660e9964c853
                                    • Instruction Fuzzy Hash: EEE0127076260142FE1B9B92B8857E423919B4C780F48102D5A1F4B3B0EF3DC989C300
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140006550, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 124COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 000000014000983C: _FF_MSGBANNER.LIBCMT ref: 000000014000986C
                                      • Part of subcall function 000000014000983C: RtlAllocateHeap.NTDLL(?,?,00000000,0000000140011015,?,?,WDREG utility v10.21. Build Aug 31 2010 14:21:54,00000001400110E3,?,?,00000000,000000014000ADE8), ref: 0000000140009891
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098B5
                                      • Part of subcall function 000000014000983C: _errno.LIBCMT ref: 00000001400098C0
                                    • free.LIBCMT ref: 00000001400065EC
                                    • free.LIBCMT ref: 0000000140006687
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errnofree$AllocateHeap
                                    • String ID: newdev.dll$setupapi.dll
                                    • API String ID: 2676329746-3632918777
                                    • Opcode ID: 781f903651c45e3c61660490b9a3a154c921132f4ee9ae875bc50e739cc1f1fc
                                    • Instruction ID: 3f6df8eee86bad0a3e4d21fcbd3b339901039c583e126512682f6b8aa56d7922
                                    • Opcode Fuzzy Hash: 781f903651c45e3c61660490b9a3a154c921132f4ee9ae875bc50e739cc1f1fc
                                    • Instruction Fuzzy Hash: A241C1B6205A8086EE26DF27B4003AAB791BB4DBE4F084524AFA9577E5DF3DD041C310
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400141D4, Relevance: 6.1, APIs: 4, Instructions: 102COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: ByteCharMultiWide$StringTypefree
                                    • String ID:
                                    • API String ID: 3522554955-0
                                    • Opcode ID: 7da1cbac8c6507a3dca0eb83f64ca89d857b1f264c14660987f29d64c487fd42
                                    • Instruction ID: 4b3e41aaac4c523319f4c2fcdd0b1691afae99557ae246e6dda57e14bd357ec4
                                    • Opcode Fuzzy Hash: 7da1cbac8c6507a3dca0eb83f64ca89d857b1f264c14660987f29d64c487fd42
                                    • Instruction Fuzzy Hash: 1C415E72610A408AEB129F67D8403D97396F74CBE8F984212FF294BBF5DA79C581C340
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400117B8, Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: CriticalSection$CountEnterInitializeSpin_lockfree
                                    • String ID:
                                    • API String ID: 1657009446-0
                                    • Opcode ID: 5ab1409049612cdfdf1ff449e645b8d4787804c1d28c3191c5387de3db88d048
                                    • Instruction ID: d9ed1c18d8d08d3a81d15e85c4b5518bddf79e2b99987c97bb917db125ddc61a
                                    • Opcode Fuzzy Hash: 5ab1409049612cdfdf1ff449e645b8d4787804c1d28c3191c5387de3db88d048
                                    • Instruction Fuzzy Hash: FB414872610A4496EB569B17F8843E873A1F78CBD4F558229EB5A4B7F6CF39C841C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000E464, Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: free$Virtual$_errno$AllocAllocateByteCharGuaranteeHeapInfoMultiProtectQueryStackStringSystemThreadWide
                                    • String ID:
                                    • API String ID: 3679212795-0
                                    • Opcode ID: 96d928e843ce8828ec5ae0a32e45c54fe1ccddf216220b2b91a3344d597f4183
                                    • Instruction ID: 751702e640a4d8f2294bbaf01374199b5458989cf0f5881fb6eb09839563cfe9
                                    • Opcode Fuzzy Hash: 96d928e843ce8828ec5ae0a32e45c54fe1ccddf216220b2b91a3344d597f4183
                                    • Instruction Fuzzy Hash: C8216DB2200AC08AE762DF22A8103EA7390F7487DDF048515FB495BBA9EB78C545C700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400157A0, Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                    Download Yara Rule
                                    APIs
                                    • WideCharToMultiByte.KERNEL32 ref: 00000001400157EC
                                    • free.LIBCMT ref: 0000000140015889
                                    • WideCharToMultiByte.KERNEL32 ref: 0000000140015833
                                    • free.LIBCMT ref: 0000000140015857
                                      • Part of subcall function 0000000140009750: HeapFree.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009766
                                      • Part of subcall function 0000000140009750: _errno.LIBCMT ref: 0000000140009770
                                      • Part of subcall function 0000000140009750: GetLastError.KERNEL32(?,?,00000000,000000014000DF24,?,?,00000000,000000014000B799,?,?,?,?,00000001400098DA,?,?,00000000), ref: 0000000140009778
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _errno$ByteCharMultiWidefree$ErrorFreeHeapLast
                                    • String ID:
                                    • API String ID: 1683487404-0
                                    • Opcode ID: cae1af1a24efbc74868b94edf57096a5cd1d7c1ece8022e82b5c6dc5a9511c43
                                    • Instruction ID: d06e273e21aa6cab29cc64ee5bb9be838cb6928b3c8ec1d70d5278f6f08dd075
                                    • Opcode Fuzzy Hash: cae1af1a24efbc74868b94edf57096a5cd1d7c1ece8022e82b5c6dc5a9511c43
                                    • Instruction Fuzzy Hash: 52215E72615B4486EB55DF23E4443AAB3A0F79CBD5F084619BB8D4FAA9DFBDC0048700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140004B40, Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: FreeLibrary
                                    • String ID:
                                    • API String ID: 3664257935-0
                                    • Opcode ID: f9f305601ea9163134ae6f49820d5b80ae135b7e8b3ebd68e4ba206b795293e0
                                    • Instruction ID: 79da7c149aab8b2c61792e7f5f247190d4aae75012e4bbbac547288cb299e02a
                                    • Opcode Fuzzy Hash: f9f305601ea9163134ae6f49820d5b80ae135b7e8b3ebd68e4ba206b795293e0
                                    • Instruction Fuzzy Hash: 0E21B3B5605B4096FB16DB67B9513A5B3E8FB9C7C0F040259FB4A4BAB5CF38C850C606
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000DDBC, Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: CriticalDeleteSection$Freefree
                                    • String ID:
                                    • API String ID: 1250194111-0
                                    • Opcode ID: 99d2d851aa7a26424748e53af535ae9bd1a2a7b7cb3f1d6663ad5d027c26779f
                                    • Instruction ID: d01e701ef75905dd9651573a345f7249217491625c13f79af41853f01ca33524
                                    • Opcode Fuzzy Hash: 99d2d851aa7a26424748e53af535ae9bd1a2a7b7cb3f1d6663ad5d027c26779f
                                    • Instruction Fuzzy Hash: 94119A32601A50D6FA269B13E4453D87360F748BE4F584229F7950BAB9CBBAC8A3C701
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00000001400159F8, Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE
                                    Download Yara Rule
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: __doserrno_errno
                                    • String ID:
                                    • API String ID: 921712934-0
                                    • Opcode ID: 92010c78e7f16ed010224debf61dc7973fba8325e0209035380f6972b577ff3e
                                    • Instruction ID: b5ddc3193423af8fa6a52f10bda340bedd48ea7d1ef6585c224b1a95127e76d0
                                    • Opcode Fuzzy Hash: 92010c78e7f16ed010224debf61dc7973fba8325e0209035380f6972b577ff3e
                                    • Instruction Fuzzy Hash: 1A01B5B2654604C9FF16AB67D4927EC22909F987F2F9C4309FB2A0F6F2CB7D84414612
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 000000014000EF6A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: ExceptionRaise
                                    • String ID: csm
                                    • API String ID: 3997070919-1018135373
                                    • Opcode ID: 3f63e73cee0a0873cea256e8a06039ce86c8d3795c14671306133364d138a610
                                    • Instruction ID: baf24f870b760db7d61ae42eec72bf334a271be51036fcdd5705911d714c9339
                                    • Opcode Fuzzy Hash: 3f63e73cee0a0873cea256e8a06039ce86c8d3795c14671306133364d138a610
                                    • Instruction Fuzzy Hash: E4316F72200681C2E672DF12E048BA97765F39D7E1F458126EF5917BA5CB39D845DB00
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140008F30, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _vfwprintf_p
                                    • String ID: a+t
                                    • API String ID: 1894331995-2538352713
                                    • Opcode ID: 1716c272f5e098cacedfc83b463c79ad8c46bcf2fc770b3ff596a60ffcac0bfe
                                    • Instruction ID: 2a2989ac4b8da563255df5fad55c946a651a238cd6ea5f8359dab5e713c9d900
                                    • Opcode Fuzzy Hash: 1716c272f5e098cacedfc83b463c79ad8c46bcf2fc770b3ff596a60ffcac0bfe
                                    • Instruction Fuzzy Hash: 63019EB270270145FA57D777BC403E962816B4D7E1F880935BF48837A2EF38C9818300
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140008350, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43fileCOMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: CloseCreateFileHandle
                                    • String ID: windrvr6
                                    • API String ID: 3498533004-3224109929
                                    • Opcode ID: b4daf428e38340600cd84856720fd8905b120d31c1373401ea62757ff2ae5853
                                    • Instruction ID: 0ff61f0559a36f75c7dd68d8986631ef19a88b229f9f53a52ee2b24efcc76b6b
                                    • Opcode Fuzzy Hash: b4daf428e38340600cd84856720fd8905b120d31c1373401ea62757ff2ae5853
                                    • Instruction Fuzzy Hash: F60152B1300A0542EB569B27E45479A2390B788FE5F040225EF6B473E4DF7DC949C711
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0000000140009210, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000009.00000002.711804120.0000000140001000.00000020.00020000.sdmp, Offset: 0000000140000000, based on PE: true
                                    • Associated: 00000009.00000002.711797089.0000000140000000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711824384.0000000140019000.00000002.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711835353.0000000140022000.00000004.00020000.sdmp Download File
                                    • Associated: 00000009.00000002.711842809.0000000140026000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_9_2_140000000_wdreg.jbxd
                                    Similarity
                                    • API ID: _vfwprintf_p
                                    • String ID: a+t
                                    • API String ID: 1894331995-2538352713
                                    • Opcode ID: c00851732cf69bdb6fbde2343e70937f46acbc608f02d4bc54a2044555c15c78
                                    • Instruction ID: fafa2563ae1aa5aed79810f49ad41feeefe842dfc8a95b2677f1973f6b4f29c3
                                    • Opcode Fuzzy Hash: c00851732cf69bdb6fbde2343e70937f46acbc608f02d4bc54a2044555c15c78
                                    • Instruction Fuzzy Hash: D5017CB120574091FE56DB53B8403EA73A4AB8C7C0F44492ABF8D47BA6DF3CC6918700
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Analysis Process: CertMgr.exe PID: 4620 Parent PID: 6852 CertMgr.exeCOMMON

                                    Executed Functions

                                    Function 003F7E7F, Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 226encryptionmemoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 128 3f7e7f-3f7eb2 HeapSetInformation call 3f17f3 131 3f80ec 128->131 132 3f7eb8-3f7ed5 LoadStringW 128->132 133 3f80f1-3f80f7 call 3f8f8e 131->133 132->131 134 3f7edb-3f7eef LoadStringW 132->134 138 3f80fc-3f80fd 133->138 134->131 136 3f7ef5-3f7f0e LoadStringA 134->136 136->131 137 3f7f14-3f7f29 LoadStringW 136->137 137->131 139 3f7f2f-3f7f44 LoadStringW 137->139 140 3f80fe-3f8108 138->140 139->131 141 3f7f4a-3f7f62 LoadStringW 139->141 142 3f810a-3f810b call 3f8f35 140->142 143 3f8110-3f8117 140->143 141->131 144 3f7f68-3f7f6c 141->144 142->143 146 3f811f-3f8126 143->146 147 3f8119-3f811a call 3f8f35 143->147 148 3f7fde-3f7fe1 144->148 149 3f7f6e-3f7f7f CryptUIDlgCertMgr 144->149 151 3f812e-3f8135 146->151 152 3f8128-3f8129 call 3f8f35 146->152 147->146 153 3f7fe3-3f7fea call 3f3822 148->153 154 3f7f92-3f7fa1 148->154 155 3f7f84-3f7f8d 149->155 157 3f813e-3f8142 151->157 158 3f8137-3f8138 CryptMsgClose 151->158 152->151 170 3f7fec-3f7ff1 call 3f1864 153->170 171 3f8009-3f8034 call 3f4b58 153->171 160 3f7fca-3f7fd9 call 3f34b4 154->160 161 3f7fa3-3f7fa7 154->161 155->133 162 3f814f-3f815d call 3f86c7 157->162 163 3f8144-3f8149 CertCloseStore 157->163 158->157 174 3f7fdb 160->174 175 3f7ff6-3f7ffd 160->175 161->160 166 3f7fa9-3f7fb0 161->166 163->162 172 3f7fb9-3f7fc6 call 3f2675 166->172 173 3f7fb2-3f7fb7 166->173 170->140 183 3f803d-3f804a 171->183 184 3f8036-3f803b 171->184 172->170 186 3f7fc8 172->186 173->148 174->148 175->170 180 3f7fff-3f8004 call 3f1a02 175->180 180->140 188 3f806e-3f8071 183->188 189 3f804c-3f804f 183->189 187 3f805f-3f806c call 3f8f8e 184->187 186->148 187->131 193 3f80a5-3f80ac 188->193 194 3f8073-3f8075 188->194 189->188 191 3f8051-3f8058 189->191 191->188 195 3f805a 191->195 196 3f80ae-3f80b8 call 3f7934 193->196 197 3f80ba-3f80c1 193->197 199 3f8087-3f8091 call 3f6d37 194->199 200 3f8077-3f8085 call 3f644e 194->200 195->187 196->131 196->197 202 3f80cf-3f80d6 197->202 203 3f80c3-3f80c6 call 3f6f07 197->203 199->131 211 3f8093-3f80a4 call 3f8f8e 199->211 200->131 200->199 202->155 208 3f80dc-3f80e6 call 3f73e5 202->208 212 3f80cb-3f80cd 203->212 208->131 208->155 211->193 212->131 212->202
                                    C-Code - Quality: 50%
                                    			E003F7E7F(void* __ebx, void* __edx, void* __edi, void* __esi, char _a4, signed short** _a8) {
				signed int _v8;
				short _v28;
				short _v48;
				char _v52;
				signed int _v56;
				signed short** _v60;
				int _v80;
				signed int _t41;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				signed short* _t63;
				void* _t71;
				intOrPtr _t72;
				void* _t74;
				void* _t84;
				int _t85;
				int _t86;
				signed int _t87;
				signed char _t92;
				void* _t97;
				signed short** _t99;
				void* _t100;
				void* _t103;
				signed int _t105;

				_t97 = __edx;
				_t41 =  *0x3fa078; // 0x3e25e9e2
				_v8 = _t41 ^ _t105;
				_v56 = _v56 | 0xffffffff;
				_t99 = _a8;
				_v52 = 0;
				__imp__HeapSetInformation(0, 1, 0, 0, __edi, __esi, __ebx);
				if(E003F17F3() == 0) {
					L41:
					_push(0x1773);
					goto L42;
				} else {
					_t85 = 0xa;
					if(LoadStringW( *0x3fa7f8, 0x17a2,  &_v48, _t85) == 0 || LoadStringW( *0x3fa7f8, 0x17a3,  &_v28, _t85) == 0 || LoadStringA( *0x3fa7f8, 0x1b58, "<NULL>", _t85) == 0 || LoadStringW( *0x3fa7f8, 0x1b59, ?str?, _t85) == 0 || LoadStringW( *0x3fa7f8, 0x1b5a, ?str?, _t85) == 0) {
						goto L41;
					} else {
						_t86 = 0x14;
						if(LoadStringW( *0x3fa7f8, 0x1b5b, L"<UNKNOWN OID>", _t86) == 0) {
							goto L41;
						} else {
							if(_a4 != 1) {
								while(1) {
									_t20 =  &_a4;
									 *_t20 = _a4 - 1;
									if( *_t20 == 0) {
										break;
									}
									_t99 =  &(_t99[1]);
									_t63 =  *_t99;
									_t87 =  *_t63 & 0x0000ffff;
									_v60 = _t99;
									if(_t87 == _v48 || _t87 == _v28) {
										if(E003F34B4( &_a4,  &_v60) == 0) {
											if( *0x3fa830 != 1) {
												goto L20;
											} else {
												E003F1A02();
											}
										} else {
											_t99 = _v60;
											continue;
										}
									} else {
										if( *0x3fa83c != 0) {
											if(E003F2675(0x3fa84c, _t63) == 0) {
												L20:
												E003F1864();
											} else {
												continue;
											}
										} else {
											 *0x3fa83c = _t63;
											continue;
										}
									}
									goto L43;
								}
								if(E003F3822() != 0) {
									_t71 = E003F4B58( &_v52, _t87, _t97,  *0x3fa83c,  *0x3fa834,  *0x3fa070,  *0x3fa854,  *0x3fa85c, 1,  &_v52); // executed
									if(_t71 != 0) {
										_t72 =  *0x3fa820; // 0x0
										_t92 =  *0x3fa7fc; // 0x2
										if(_t72 == 0 || (_t92 & 0x00000004) == 0 ||  *0x3fa840 == 0) {
											if((_t92 & 0x00000001) == 0) {
												L35:
												if(( *0x3fa7fc & 0x00000004) == 0 || E003F7934(_t97, _v52) != 0) {
													if(( *0x3fa7fc & 0x00000002) == 0) {
														L39:
														if(( *0x3fa7fc & 0x00000008) == 0 || E003F73E5(_t86, _t97, _v52) != 0) {
															goto L9;
														} else {
															goto L41;
														}
													} else {
														_t74 = E003F6F07(_t86, _t97, _v52); // executed
														if(_t74 == 0) {
															goto L41;
														} else {
															goto L39;
														}
													}
												} else {
													goto L41;
												}
											} else {
												if(_t72 == 0 || E003F644E(_t97, _t72,  *0x3fa800) != 0) {
													if(E003F6D37(_t97, _v52) == 0) {
														goto L41;
													} else {
														_push(0x1c0b);
														_push( *0x3fa7f8);
														E003F8F8E();
														goto L35;
													}
												} else {
													goto L41;
												}
											}
										} else {
											_push(0x1c2b);
											goto L29;
										}
									} else {
										_push(0x17b0);
										L29:
										_push( *0x3fa7f8);
										E003F8F8E();
										goto L41;
									}
									goto L42;
								} else {
									goto L20;
								}
							} else {
								asm("stosd");
								asm("stosd");
								asm("stosd");
								asm("stosd");
								asm("stosd");
								_push( &_v80);
								_v80 = _t86;
								L003F931A();
								L9:
								_v56 = _v56 & 0x00000000;
								_push(0x1772);
								L42:
								_push( *0x3fa7f8); // executed
								E003F8F8E(); // executed
							}
						}
					}
				}
				L43:
				_t46 =  *0x3fa854; // 0x0
				_pop(_t100);
				_pop(_t103);
				_pop(_t84);
				if(_t46 != 0) {
					E003F8F35(_t46, _t46);
				}
				_t47 =  *0x3fa864; // 0x0
				if(_t47 != 0) {
					E003F8F35(_t47, _t47);
				}
				_t48 =  *0x3fa814; // 0x0
				if(_t48 != 0) {
					E003F8F35(_t48, _t48);
				}
				_t49 =  *0x3fa820; // 0x0
				if(_t49 != 0) {
					__imp__CryptMsgClose(_t49);
				}
				if(_v52 != 0) {
					__imp__CertCloseStore(_v52, 0);
				}
				return E003F86C7(_v56, _t84, _v8 ^ _t105, _t97, _t100, _t103);
			}





























                                    0x003f7e7f
                                    0x003f7e87
                                    0x003f7e8e
                                    0x003f7e91
                                    0x003f7e98
                                    0x003f7ea2
                                    0x003f7ea5
                                    0x003f7eb2
                                    0x003f80ec
                                    0x003f80ec
                                    0x00000000
                                    0x003f7eb8
                                    0x003f7ec0
                                    0x003f7ed5
                                    0x00000000
                                    0x003f7f4a
                                    0x003f7f4c
                                    0x003f7f62
                                    0x00000000
                                    0x003f7f68
                                    0x003f7f6c
                                    0x003f7fde
                                    0x003f7fde
                                    0x003f7fde
                                    0x003f7fe1
                                    0x00000000
                                    0x00000000
                                    0x003f7f92
                                    0x003f7f95
                                    0x003f7f97
                                    0x003f7f9a
                                    0x003f7fa1
                                    0x003f7fd9
                                    0x003f7ffd
                                    0x00000000
                                    0x003f7fff
                                    0x003f7fff
                                    0x003f7fff
                                    0x003f7fdb
                                    0x003f7fdb
                                    0x00000000
                                    0x003f7fdb
                                    0x003f7fa9
                                    0x003f7fb0
                                    0x003f7fc6
                                    0x003f7fec
                                    0x003f7fec
                                    0x003f7fc8
                                    0x00000000
                                    0x003f7fc8
                                    0x003f7fb2
                                    0x003f7fb2
                                    0x00000000
                                    0x003f7fb2
                                    0x003f7fb0
                                    0x00000000
                                    0x003f7fa1
                                    0x003f7fea
                                    0x003f802d
                                    0x003f8034
                                    0x003f803d
                                    0x003f8042
                                    0x003f804a
                                    0x003f8071
                                    0x003f80a5
                                    0x003f80ac
                                    0x003f80c1
                                    0x003f80cf
                                    0x003f80d6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f80c3
                                    0x003f80c6
                                    0x003f80cd
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f80cd
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f8073
                                    0x003f8075
                                    0x003f8091
                                    0x00000000
                                    0x003f8093
                                    0x003f8093
                                    0x003f8098
                                    0x003f809e
                                    0x00000000
                                    0x003f80a4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f8075
                                    0x003f805a
                                    0x003f805a
                                    0x00000000
                                    0x003f805a
                                    0x003f8036
                                    0x003f8036
                                    0x003f805f
                                    0x003f805f
                                    0x003f8065
                                    0x00000000
                                    0x003f806b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f7f6e
                                    0x003f7f73
                                    0x003f7f74
                                    0x003f7f75
                                    0x003f7f76
                                    0x003f7f77
                                    0x003f7f7b
                                    0x003f7f7c
                                    0x003f7f7f
                                    0x003f7f84
                                    0x003f7f84
                                    0x003f7f88
                                    0x003f80f1
                                    0x003f80f1
                                    0x003f80f7
                                    0x003f80fd
                                    0x003f7f6c
                                    0x003f7f62
                                    0x003f7ed5
                                    0x003f80fe
                                    0x003f80fe
                                    0x003f8103
                                    0x003f8104
                                    0x003f8105
                                    0x003f8108
                                    0x003f810b
                                    0x003f810b
                                    0x003f8110
                                    0x003f8117
                                    0x003f811a
                                    0x003f811a
                                    0x003f811f
                                    0x003f8126
                                    0x003f8129
                                    0x003f8129
                                    0x003f812e
                                    0x003f8135
                                    0x003f8138
                                    0x003f8138
                                    0x003f8142
                                    0x003f8149
                                    0x003f8149
                                    0x003f815d

                                    APIs
                                    • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 003F7EA5
                                      • Part of subcall function 003F17F3: GetModuleHandleA.KERNEL32(00000000,003F7EB0), ref: 003F17F5
                                    • LoadStringW.USER32(000017A2,?,0000000A), ref: 003F7ED1
                                    • LoadStringW.USER32(000017A3,?,0000000A), ref: 003F7EEB
                                    • LoadStringA.USER32 ref: 003F7F06
                                    • LoadStringW.USER32(00001B59,SHA1,0000000A), ref: 003F7F25
                                    • LoadStringW.USER32(00001B5A,MD5,0000000A), ref: 003F7F40
                                    • LoadStringW.USER32(00001B5B,<UNKNOWN OID>,00000014), ref: 003F7F5E
                                    • CryptUIDlgCertMgr.CRYPTUI(?), ref: 003F7F7F
                                    • CryptMsgClose.CRYPT32(00000000), ref: 003F8138
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 003F8149
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString$CertCloseCrypt$HandleHeapInformationModuleStore
                                    • String ID: <NULL>$<UNKNOWN OID>$MD5$SHA1
                                    • API String ID: 215360622-1563267417
                                    • Opcode ID: 53e0cec78beb0fad4fcd107e0870be1bebdcc9b3c8f0bd1f14b911e1c432bf76
                                    • Instruction ID: 1061170b5f48038181685a654090b27f8527cf7ddff4c1b8dc12d27ed8140eab
                                    • Opcode Fuzzy Hash: 53e0cec78beb0fad4fcd107e0870be1bebdcc9b3c8f0bd1f14b911e1c432bf76
                                    • Instruction Fuzzy Hash: F8719FB060470EFAEB176BA1ED41FBA7BBDAF00780F054025FB14A60A1DF75D849DA61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F8A1F, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 393 3f8a1f-3f8a2c SetUnhandledExceptionFilter
                                    C-Code - Quality: 100%
                                    			E003F8A1F() {

				SetUnhandledExceptionFilter(E003F89D7); // executed
				return 0;
			}



                                    0x003f8a24
                                    0x003f8a2c

                                    APIs
                                    • SetUnhandledExceptionFilter.KERNELBASE(Function_000089D7), ref: 003F8A24
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled
                                    • String ID:
                                    • API String ID: 3192549508-0
                                    • Opcode ID: c3647f0d5d1d2254677e2685b9f11e58cefcbc84201a6b7e3fa3e8e48f1bae24
                                    • Instruction ID: 3e620e09befa49116c20c59dce4298f566be3e473799fb03fb28f094578e6140
                                    • Opcode Fuzzy Hash: c3647f0d5d1d2254677e2685b9f11e58cefcbc84201a6b7e3fa3e8e48f1bae24
                                    • Instruction Fuzzy Hash: 10900261251146964B1617B16D096F725945A68706B414452A742D4054DF9440409616
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F6F07, Relevance: 33.4, APIs: 22, Instructions: 395encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 3f6f07-3f6f3e 1 3f73c6-3f73d8 call 3f8f8e 0->1 2 3f6f44-3f6f4b 0->2 11 3f73da-3f73dd 1->11 2->1 3 3f6f51-3f6f67 CertOpenStore 2->3 5 3f6f69-3f6f70 3->5 6 3f6f75-3f6f80 3->6 8 3f73b1-3f73c0 call 3f8f8e 5->8 9 3f6f86-3f6f8c 6->9 10 3f7010-3f7017 6->10 35 3f73c1-3f73c4 8->35 14 3f6f8e-3f6f99 call 3f1dc3 9->14 15 3f6fa7-3f6fae 9->15 12 3f713f-3f7146 10->12 13 3f701d-3f7023 10->13 17 3f714c-3f7152 12->17 18 3f7240-3f7246 12->18 19 3f7029-3f7036 call 3f1dc3 13->19 20 3f70e3-3f70ea 13->20 14->10 46 3f6f9b-3f6fa2 14->46 23 3f7048-3f704f 15->23 24 3f6fb4-3f6fd9 CertFindCertificateInStore 15->24 25 3f71dd-3f71e4 17->25 26 3f7158-3f7165 call 3f1dc3 17->26 33 3f7248-3f7252 call 3f1a5b 18->33 34 3f72c3-3f72c9 18->34 19->12 53 3f703c-3f7043 19->53 31 3f7177-3f7187 call 3f2100 20->31 32 3f70f0-3f710a call 3f1cd9 20->32 28 3f7051-3f7059 23->28 29 3f7070-3f7079 23->29 36 3f6fdb-3f6fe2 24->36 37 3f6fe7-3f6ff6 CertAddCertificateContextToStore 24->37 44 3f71e6-3f720b CertFindCTLInStore 25->44 45 3f7260-3f7270 call 3f21ed 25->45 26->18 67 3f716b-3f7172 26->67 40 3f705a-3f7062 call 3f1fb6 28->40 29->40 69 3f7189-3f7190 31->69 70 3f7195-3f7199 31->70 79 3f710c-3f7113 32->79 80 3f7118-3f7127 CertAddCRLContextToStore 32->80 33->34 81 3f7254-3f725b 33->81 42 3f72cb-3f72d5 call 3f1c45 34->42 43 3f72e0-3f72e3 call 3f4da0 34->43 35->11 49 3f72f3-3f72f6 36->49 50 3f6ff8-3f6fff 37->50 51 3f7004-3f700d CertFreeCertificateContext 37->51 84 3f707b-3f7080 40->84 85 3f7064-3f706b 40->85 42->43 88 3f72d7-3f72de 42->88 72 3f72e8-3f72ea 43->72 58 3f720d-3f7214 44->58 59 3f7219-3f7228 CertAddCRLContextToStore 44->59 82 3f727e-3f7282 45->82 83 3f7272-3f7279 45->83 62 3f73a1-3f73af CertCloseStore 46->62 60 3f731d-3f7328 49->60 61 3f72f8-3f7301 CertFreeCertificateContext 49->61 50->49 51->10 53->60 73 3f7312-3f7314 58->73 75 3f722a-3f7231 59->75 76 3f7236-3f723d CertFreeCRLContext 59->76 77 3f734d-3f7352 60->77 78 3f732a-3f7330 60->78 74 3f7304-3f7306 61->74 62->8 62->35 67->60 69->60 86 3f71bc 70->86 87 3f719b-3f71a1 70->87 72->60 89 3f72ec 72->89 73->60 91 3f7316-3f7317 CertFreeCRLContext 73->91 74->60 90 3f7308-3f730f CertFreeCRLContext 74->90 75->73 76->18 96 3f7377-3f737c 77->96 97 3f7354-3f735a 77->97 92 3f7349-3f734c free 78->92 93 3f7332-3f7347 CertFreeCertificateContext 78->93 79->74 94 3f7129-3f7130 80->94 95 3f7135-3f713c CertFreeCRLContext 80->95 81->60 100 3f7284-3f728a 82->100 101 3f72a2 82->101 83->60 104 3f7096-3f7099 84->104 105 3f7082-3f7088 84->105 85->60 86->12 106 3f71be-3f71d0 call 3f6b9f 86->106 103 3f71a3-3f71ae CertAddCRLContextToStore 87->103 88->60 89->49 90->73 91->60 92->77 93->92 93->93 94->74 95->12 96->62 102 3f737e-3f7384 96->102 98 3f735c-3f7371 CertFreeCRLContext 97->98 99 3f7373-3f7376 free 97->99 98->98 98->99 99->96 107 3f728c-3f7297 CertAddCRLContextToStore 100->107 101->18 110 3f72a4-3f72b6 call 3f6c6b 101->110 108 3f739d-3f73a0 free 102->108 109 3f7386-3f739b CertFreeCRLContext 102->109 103->12 111 3f71b0-3f71b7 103->111 113 3f709b-3f70a1 104->113 114 3f70c0 104->114 105->10 112 3f708a-3f7091 105->112 106->111 123 3f71d2-3f71db 106->123 107->18 116 3f7299-3f72a0 107->116 108->62 109->108 109->109 110->116 125 3f72b8-3f72c1 110->125 111->60 112->60 118 3f70a3-3f70ae CertAddCertificateContextToStore 113->118 114->10 120 3f70c6-3f70d6 call 3f66c9 114->120 116->60 118->10 122 3f70b4-3f70bb 118->122 120->122 127 3f70d8-3f70e1 120->127 122->60 123->103 125->107 127->118
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 003F6F5C
                                    • CertCloseStore.CRYPT32(?,00000000), ref: 003F73A5
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertStore$CloseOpen
                                    • String ID:
                                    • API String ID: 2191479384-0
                                    • Opcode ID: e1e64b42c321b5a0929c058134ade6767ce13755b7fe18bfa0de6121f1027d91
                                    • Instruction ID: 3e8179e32218c4a59dc40bb3f4268d853911e80a81a401ac072ceb49034bc937
                                    • Opcode Fuzzy Hash: e1e64b42c321b5a0929c058134ade6767ce13755b7fe18bfa0de6121f1027d91
                                    • Instruction Fuzzy Hash: 1DE13AB4D0820DFBDB239F95ED84DFEBBBDEB44340F204466EA01A6160D7755A40EBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F4B58, Relevance: 18.2, APIs: 12, Instructions: 190encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 217 3f4b58-3f4b70 218 3f4b76-3f4b79 217->218 219 3f4d92 217->219 218->219 221 3f4b7f-3f4b83 218->221 220 3f4d94-3f4d98 219->220 222 3f4b9f-3f4ba2 221->222 223 3f4b85-3f4b8f 221->223 225 3f4c04-3f4c0d call 3f25ea 222->225 226 3f4ba4-3f4ba8 222->226 224 3f4b92 CertOpenStore 223->224 230 3f4b98-3f4b9a 224->230 235 3f4c0f-3f4c15 225->235 236 3f4c33-3f4c3d call 3f24d4 225->236 227 3f4baa-3f4bc8 CertOpenStore 226->227 228 3f4bf6-3f4c02 226->228 227->219 231 3f4bce-3f4bd5 227->231 228->224 233 3f4d84-3f4d86 230->233 231->233 234 3f4bdb-3f4bf4 CertCloseStore CertOpenStore 231->234 233->219 237 3f4d88-3f4d90 233->237 234->230 238 3f4c27-3f4c2e 235->238 239 3f4c17-3f4c21 235->239 242 3f4c3f-3f4c45 236->242 243 3f4c63-3f4c64 call 3f255f 236->243 237->220 238->233 239->233 239->238 245 3f4c57-3f4c5e 242->245 246 3f4c47-3f4c51 242->246 247 3f4c69-3f4c6d 243->247 245->233 246->233 246->245 248 3f4c6f-3f4c75 247->248 249 3f4c93-3f4caa CertOpenStore 247->249 250 3f4c87-3f4c8e 248->250 251 3f4c77-3f4c81 248->251 249->237 252 3f4cb0-3f4cbc call 3f3c7e 249->252 250->233 251->233 251->250 252->237 255 3f4cc2-3f4cd4 call 3f2445 252->255 258 3f4cda-3f4cf7 CertOpenStore 255->258 259 3f4d77-3f4d7a 255->259 258->259 261 3f4cf9-3f4d11 CertAddEncodedCTLToStore 258->261 259->233 260 3f4d7c-3f4d7f call 3f8f35 259->260 260->233 261->259 263 3f4d13-3f4d2b CertAddEncodedCRLToStore 261->263 263->259 264 3f4d2d-3f4d45 CertAddEncodedCertificateToStore 263->264 264->259 265 3f4d47-3f4d63 CertCloseStore CertOpenStore 264->265 265->259 266 3f4d65-3f4d75 CertOpenStore 265->266 266->259
                                    APIs
                                    • CertOpenStore.CRYPT32(0000000A,00000000,?,?), ref: 003F4B92
                                    • CertOpenStore.CRYPT32(0000000A,00000000,?,?), ref: 003F4BC2
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 003F4BDD
                                    • CertOpenStore.CRYPT32(0000000A,00000000,?,?), ref: 003F4BF2
                                    • CertOpenStore.CRYPT32(00000008,00000000,00000000,?), ref: 003F4CA4
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 003F4CF1
                                    • CertAddEncodedCTLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 003F4D09
                                    • CertAddEncodedCRLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 003F4D23
                                    • CertAddEncodedCertificateToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 003F4D3D
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 003F4D49
                                    • CertOpenStore.CRYPT32(00000005,00000000,00000000,?), ref: 003F4D5D
                                    • CertOpenStore.CRYPT32(00000006,00000000,00000000,?), ref: 003F4D73
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertStore$Open$Encoded$Close$Certificate
                                    • String ID:
                                    • API String ID: 2200726460-0
                                    • Opcode ID: b3c2feb993b07586a037315a293ba68efb569aa8f1b1c6b5332833bed88c999c
                                    • Instruction ID: 8d439d07e9bbce9f8906f4d3b53b4b6ae0477d3282a1ddbd2f209ded0eebada2
                                    • Opcode Fuzzy Hash: b3c2feb993b07586a037315a293ba68efb569aa8f1b1c6b5332833bed88c999c
                                    • Instruction Fuzzy Hash: 4351A072800659FBCB23AFA5DD44EBB7ABCFB89744F014615FB08A2131E7318981DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F1DC3, Relevance: 13.6, APIs: 9, Instructions: 91encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 267 3f1dc3-3f1de2 268 3f1e0a-3f1e0e 267->268 269 3f1de4-3f1deb 267->269 270 3f1e3b-3f1e3f 268->270 271 3f1e10-3f1e17 268->271 272 3f1dff-3f1e08 CertEnumCertificatesInStore 269->272 275 3f1e75 270->275 276 3f1e41-3f1e4c 270->276 274 3f1e2f-3f1e39 CertEnumCTLsInStore 271->274 272->268 273 3f1ded-3f1dfc CertAddCertificateContextToStore 272->273 279 3f1e7c-3f1e7e 273->279 280 3f1dfe 273->280 274->270 277 3f1e19-3f1e2a CertAddCRLContextToStore 274->277 275->279 278 3f1e68-3f1e73 CertGetCRLFromStore 276->278 277->279 281 3f1e2c 277->281 278->275 282 3f1e4e-3f1e5f CertAddCRLContextToStore 278->282 283 3f1e87-3f1e8a 279->283 284 3f1e80-3f1e81 CertFreeCertificateContext 279->284 280->272 281->274 282->279 285 3f1e61-3f1e65 282->285 286 3f1e8c-3f1e8f CertFreeCRLContext 283->286 287 3f1e95-3f1e9b 283->287 284->283 285->278 286->287 288 3f1e9d-3f1ea0 CertFreeCRLContext 287->288 289 3f1ea6-3f1eaa 287->289 288->289
                                    APIs
                                    • CertAddCertificateContextToStore.CRYPT32(?,00000000,00000003,00000000), ref: 003F1DF4
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 003F1E02
                                    • CertAddCRLContextToStore.CRYPT32(?,?,00000003,00000000), ref: 003F1E22
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 003F1E32
                                    • CertAddCRLContextToStore.CRYPT32(?,?,00000003,00000000), ref: 003F1E57
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 003F1E6C
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 003F1E81
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F1E8F
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F1EA0
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextStore$Free$CertificateEnum$CertificatesFrom
                                    • String ID:
                                    • API String ID: 121226512-0
                                    • Opcode ID: 14a40a81f6ef16a29631cec6bb37d1967915e94827e2e2aacdf68e377fbd9fb2
                                    • Instruction ID: 42afa8af23a871ac46ad4c18692e56d005b5873790f7dd26ac9b6af7a1e0cf62
                                    • Opcode Fuzzy Hash: 14a40a81f6ef16a29631cec6bb37d1967915e94827e2e2aacdf68e377fbd9fb2
                                    • Instruction Fuzzy Hash: 8C31283590025EFBDB239FA1EC48ABEBF7DEF14750F154065FA11A2060C7B18A90DB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F9087, Relevance: 9.1, APIs: 6, Instructions: 96fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 290 3f9087-3f90a2 291 3f90a8-3f90ad 290->291 292 3f9181 290->292 291->292 293 3f90b3-3f90b6 291->293 294 3f9186-3f918a 292->294 293->292 295 3f90bc-3f90c1 293->295 295->292 296 3f90c7-3f90eb call 3f9349 295->296 299 3f90ed-3f90f5 GetLastError 296->299 300 3f9106-3f9117 GetFileSize 296->300 301 3f90f7-3f90fc 299->301 302 3f9101-3f9104 299->302 300->299 303 3f9119-3f911c 300->303 301->302 304 3f9158-3f915b 302->304 305 3f911e-3f9125 303->305 306 3f9127-3f913a CreateFileMappingA 303->306 307 3f915d-3f9162 304->307 309 3f916e-3f9171 304->309 305->307 306->299 308 3f913c-3f914c MapViewOfFile 306->308 307->309 311 3f9164-3f916b CloseHandle 307->311 308->299 310 3f914e-3f9156 308->310 312 3f917c-3f917f 309->312 313 3f9173-3f9176 FindCloseChangeNotification 309->313 310->304 311->309 312->294 313->312
                                    C-Code - Quality: 85%
                                    			E003F9087(long _a4, void* _a8, void** _a12, void** _a16) {
				long _v8;
				long _v12;
				long _v16;
				void* _t22;
				long _t24;
				signed int _t25;
				void* _t28;
				void* _t31;
				void* _t32;
				void** _t33;
				void** _t38;

				_t22 = _a8;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				if(_t22 == 0) {
					L20:
					return 0x80070057;
				}
				_t33 = _a12;
				if(_t33 == 0 || _a4 == 0) {
					goto L20;
				} else {
					_t38 = _a16;
					if(_t38 == 0) {
						goto L20;
					}
					_push(0);
					_push(0x80);
					_push(3);
					_push(0);
					_push(1);
					_push(0x80000000);
					_push(_a4);
					 *_t33 = 0;
					 *_t22 = 0;
					 *_t38 =  *_t38 | 0xffffffff; // executed
					E003F9349(); // executed
					 *_t38 = _t22;
					if(_t22 != 0xffffffff) {
						_t24 = GetFileSize(_t22,  &_v16);
						_a4 = _t24;
						if(_t24 == 0xffffffff) {
							goto L5;
						}
						if(_v16 == 0) {
							_t31 = CreateFileMappingA( *_t38, 0, 2, 0, 0, 0); // executed
							_v12 = _t31;
							if(_t31 == 0) {
								goto L5;
							}
							_t32 = MapViewOfFile(_t31, 4, 0, 0, _a4); // executed
							if(_t32 == 0) {
								goto L5;
							}
							 *_a8 = _a4;
							 *_t33 = _t32;
							L14:
							if(_v8 == 0) {
								L17:
								if(_v12 != 0) {
									FindCloseChangeNotification(_v12); // executed
								}
								return _v8;
							}
							L15:
							_t28 =  *_t38;
							if(_t28 != 0xffffffff) {
								CloseHandle(_t28);
								 *_t38 =  *_t38 | 0xffffffff;
							}
							goto L17;
						}
						_v8 = 0x80004005;
						goto L15;
					}
					L5:
					_t25 = GetLastError();
					if(_t25 > 0) {
						_t25 = _t25 & 0x0000ffff | 0x80070000;
					}
					_v8 = _t25;
					goto L14;
				}
			}














                                    0x003f908f
                                    0x003f9097
                                    0x003f909a
                                    0x003f909d
                                    0x003f90a2
                                    0x003f9181
                                    0x00000000
                                    0x003f9181
                                    0x003f90a8
                                    0x003f90ad
                                    0x00000000
                                    0x003f90bc
                                    0x003f90bc
                                    0x003f90c1
                                    0x00000000
                                    0x00000000
                                    0x003f90c7
                                    0x003f90c8
                                    0x003f90cd
                                    0x003f90cf
                                    0x003f90d0
                                    0x003f90d2
                                    0x003f90d7
                                    0x003f90da
                                    0x003f90dc
                                    0x003f90de
                                    0x003f90e1
                                    0x003f90e6
                                    0x003f90eb
                                    0x003f910b
                                    0x003f9111
                                    0x003f9117
                                    0x00000000
                                    0x00000000
                                    0x003f911c
                                    0x003f912f
                                    0x003f9135
                                    0x003f913a
                                    0x00000000
                                    0x00000000
                                    0x003f9144
                                    0x003f914c
                                    0x00000000
                                    0x00000000
                                    0x003f9154
                                    0x003f9156
                                    0x003f9158
                                    0x003f915b
                                    0x003f916e
                                    0x003f9171
                                    0x003f9176
                                    0x003f9176
                                    0x00000000
                                    0x003f917c
                                    0x003f915d
                                    0x003f915d
                                    0x003f9162
                                    0x003f9165
                                    0x003f916b
                                    0x003f916b
                                    0x00000000
                                    0x003f9162
                                    0x003f911e
                                    0x00000000
                                    0x003f911e
                                    0x003f90ed
                                    0x003f90ed
                                    0x003f90f5
                                    0x003f90fc
                                    0x003f90fc
                                    0x003f9101
                                    0x00000000
                                    0x003f9101

                                    APIs
                                    • GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 003F90ED
                                    • GetFileSize.KERNEL32(00000000,?,000000FF,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?,?,000000FF), ref: 003F910B
                                    • CreateFileMappingA.KERNEL32 ref: 003F912F
                                    • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,000000FF,?,00000000,?,?,000000FF), ref: 003F9144
                                    • CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 003F9165
                                    • FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 003F9176
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: File$Close$ChangeCreateErrorFindHandleLastMappingNotificationSizeView
                                    • String ID:
                                    • API String ID: 2370202277-0
                                    • Opcode ID: 08a3c491140f76aceac8d49cced865bd6b983965039e354e7e085d50f2fefb82
                                    • Instruction ID: f9f40eb7e7a24c73ddbcbc6b1d4cfc3503f2bc08f32ffdd9cd0399a63dcf50e2
                                    • Opcode Fuzzy Hash: 08a3c491140f76aceac8d49cced865bd6b983965039e354e7e085d50f2fefb82
                                    • Instruction Fuzzy Hash: 09316171900209FFCB329F59DC48FAEBBB9EB81760F25866AF661D62A0D3354940DB10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F255F, Relevance: 7.6, APIs: 5, Instructions: 56encryptionfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 327 3f255f-3f2579 call 3f9087 329 3f257e-3f2580 327->329 330 3f2586-3f259a CertOpenStore 329->330 331 3f2582-3f2584 329->331 333 3f259c-3f25b4 CertAddEncodedCertificateToStore 330->333 334 3f25c0-3f25c3 330->334 332 3f25e1-3f25e2 331->332 333->334 337 3f25b6-3f25be CertCloseStore 333->337 335 3f25ce-3f25d2 334->335 336 3f25c5-3f25c8 UnmapViewOfFile 334->336 338 3f25dd-3f25e0 335->338 339 3f25d4-3f25d7 CloseHandle 335->339 336->335 337->334 338->332 339->338
                                    C-Code - Quality: 37%
                                    			E003F255F(void* __ecx, void* _a4) {
				signed int _v8;
				char _v12;
				void* _t16;
				void* _t22;
				void* _t23;
				void* _t25;

				_v8 = _v8 | 0xffffffff;
				_t16 = E003F9087(_a4,  &_v12,  &_a4,  &_v8); // executed
				if(_t16 == 0) {
					__imp__CertOpenStore(2, 0, 0, 0, 0, _t22, _t25);
					_t23 = _t16;
					if(_t23 != 0) {
						__imp__CertAddEncodedCertificateToStore(_t23,  *0x3fa06c, _a4, _v12, 4, 0);
						if(_t16 == 0) {
							__imp__CertCloseStore(_t23, 0);
							_t23 = 0;
						}
					}
					if(_a4 != 0) {
						UnmapViewOfFile(_a4);
					}
					if(_v8 != 0xffffffff) {
						CloseHandle(_v8);
					}
					return _t23;
				}
				return 0;
			}









                                    0x003f2566
                                    0x003f2579
                                    0x003f2580
                                    0x003f2590
                                    0x003f2596
                                    0x003f259a
                                    0x003f25ac
                                    0x003f25b4
                                    0x003f25b8
                                    0x003f25be
                                    0x003f25be
                                    0x003f25b4
                                    0x003f25c3
                                    0x003f25c8
                                    0x003f25c8
                                    0x003f25d2
                                    0x003f25d7
                                    0x003f25d7
                                    0x00000000
                                    0x003f25e0
                                    0x00000000

                                    APIs
                                      • Part of subcall function 003F9087: GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 003F90ED
                                      • Part of subcall function 003F9087: CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 003F9165
                                      • Part of subcall function 003F9087: FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 003F9176
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 003F2590
                                    • CertAddEncodedCertificateToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 003F25AC
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 003F25B8
                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,000000FF), ref: 003F25C8
                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,000000FF), ref: 003F25D7
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Close$CertStore$Handle$CertificateChangeEncodedErrorFileFindLastNotificationOpenUnmapView
                                    • String ID:
                                    • API String ID: 780097858-0
                                    • Opcode ID: d6db474370c1ce3cf78450cbe47dc34bcfa19927aa124434bae43e5cba7aa02e
                                    • Instruction ID: fac70a2d7d0523cab2da0733c8ddb6b4f1df92c0a1a0972c11169a24f7e07e6d
                                    • Opcode Fuzzy Hash: d6db474370c1ce3cf78450cbe47dc34bcfa19927aa124434bae43e5cba7aa02e
                                    • Instruction Fuzzy Hash: 08012136101119FBCB235B62DD08DFFBE6DEF467A0F114125FA1991060EB308A45D6B0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F25EA, Relevance: 7.6, APIs: 5, Instructions: 56encryptionfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 340 3f25ea-3f260b call 3f9087 343 3f260d-3f260f 340->343 344 3f2611-3f2625 CertOpenStore 340->344 347 3f266c-3f266d 343->347 345 3f264b-3f264e 344->345 346 3f2627-3f263f CertAddEncodedCTLToStore 344->346 349 3f2659-3f265d 345->349 350 3f2650-3f2653 UnmapViewOfFile 345->350 346->345 348 3f2641-3f2649 CertCloseStore 346->348 348->345 351 3f265f-3f2662 CloseHandle 349->351 352 3f2668-3f266b 349->352 350->349 351->352 352->347
                                    C-Code - Quality: 37%
                                    			E003F25EA(void* __ecx, void* _a4) {
				signed int _v8;
				char _v12;
				void* _t16;
				void* _t22;
				void* _t23;
				void* _t25;

				_v8 = _v8 | 0xffffffff;
				_t16 = E003F9087(_a4,  &_v12,  &_a4,  &_v8); // executed
				if(_t16 == 0) {
					__imp__CertOpenStore(2, 0, 0, 0, 0, _t22, _t25);
					_t23 = _t16;
					if(_t23 != 0) {
						__imp__CertAddEncodedCTLToStore(_t23,  *0x3fa06c, _a4, _v12, 4, 0);
						if(_t16 == 0) {
							__imp__CertCloseStore(_t23, 0);
							_t23 = 0;
						}
					}
					if(_a4 != 0) {
						UnmapViewOfFile(_a4);
					}
					if(_v8 != 0xffffffff) {
						CloseHandle(_v8);
					}
					return _t23;
				}
				return 0;
			}









                                    0x003f25f1
                                    0x003f2604
                                    0x003f260b
                                    0x003f261b
                                    0x003f2621
                                    0x003f2625
                                    0x003f2637
                                    0x003f263f
                                    0x003f2643
                                    0x003f2649
                                    0x003f2649
                                    0x003f263f
                                    0x003f264e
                                    0x003f2653
                                    0x003f2653
                                    0x003f265d
                                    0x003f2662
                                    0x003f2662
                                    0x00000000
                                    0x003f266b
                                    0x00000000

                                    APIs
                                      • Part of subcall function 003F9087: GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 003F90ED
                                      • Part of subcall function 003F9087: CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 003F9165
                                      • Part of subcall function 003F9087: FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 003F9176
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 003F261B
                                    • CertAddEncodedCTLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 003F2637
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 003F2643
                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,000000FF), ref: 003F2653
                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,000000FF), ref: 003F2662
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Close$CertStore$Handle$ChangeEncodedErrorFileFindLastNotificationOpenUnmapView
                                    • String ID:
                                    • API String ID: 3658566462-0
                                    • Opcode ID: 439ba050872c3d3c523f563fa5c110ee09ac34b60f01a1b910d055c7fd4cddc8
                                    • Instruction ID: d04e6c6a9f617386dc3fdd29d617c3d8f3e26389bd4e5acda31a467da7fc2179
                                    • Opcode Fuzzy Hash: 439ba050872c3d3c523f563fa5c110ee09ac34b60f01a1b910d055c7fd4cddc8
                                    • Instruction Fuzzy Hash: EB016D36101118FBCB225B62DD08DFF7F2DEF867A0F114121FA09D5060DB708A41EAA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F24D4, Relevance: 7.6, APIs: 5, Instructions: 56encryptionfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 314 3f24d4-3f24f5 call 3f9087 317 3f24fb-3f250f CertOpenStore 314->317 318 3f24f7-3f24f9 314->318 320 3f2535-3f2538 317->320 321 3f2511-3f2529 CertAddEncodedCRLToStore 317->321 319 3f2556-3f2557 318->319 323 3f253a-3f253d UnmapViewOfFile 320->323 324 3f2543-3f2547 320->324 321->320 322 3f252b-3f2533 CertCloseStore 321->322 322->320 323->324 325 3f2549-3f254c CloseHandle 324->325 326 3f2552-3f2555 324->326 325->326 326->319
                                    C-Code - Quality: 37%
                                    			E003F24D4(void* __ecx, void* _a4) {
				signed int _v8;
				char _v12;
				void* _t16;
				void* _t22;
				void* _t23;
				void* _t25;

				_v8 = _v8 | 0xffffffff;
				_t16 = E003F9087(_a4,  &_v12,  &_a4,  &_v8); // executed
				if(_t16 == 0) {
					__imp__CertOpenStore(2, 0, 0, 0, 0, _t22, _t25);
					_t23 = _t16;
					if(_t23 != 0) {
						__imp__CertAddEncodedCRLToStore(_t23,  *0x3fa064, _a4, _v12, 4, 0); // executed
						if(_t16 == 0) {
							__imp__CertCloseStore(_t23, 0);
							_t23 = 0;
						}
					}
					if(_a4 != 0) {
						UnmapViewOfFile(_a4);
					}
					if(_v8 != 0xffffffff) {
						CloseHandle(_v8);
					}
					return _t23;
				}
				return 0;
			}









                                    0x003f24db
                                    0x003f24ee
                                    0x003f24f5
                                    0x003f2505
                                    0x003f250b
                                    0x003f250f
                                    0x003f2521
                                    0x003f2529
                                    0x003f252d
                                    0x003f2533
                                    0x003f2533
                                    0x003f2529
                                    0x003f2538
                                    0x003f253d
                                    0x003f253d
                                    0x003f2547
                                    0x003f254c
                                    0x003f254c
                                    0x00000000
                                    0x003f2555
                                    0x00000000

                                    APIs
                                      • Part of subcall function 003F9087: GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 003F90ED
                                      • Part of subcall function 003F9087: CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 003F9165
                                      • Part of subcall function 003F9087: FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 003F9176
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 003F2505
                                    • CertAddEncodedCRLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 003F2521
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 003F252D
                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,000000FF), ref: 003F253D
                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,000000FF), ref: 003F254C
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Close$CertStore$Handle$ChangeEncodedErrorFileFindLastNotificationOpenUnmapView
                                    • String ID:
                                    • API String ID: 3658566462-0
                                    • Opcode ID: 4ee0e180620092350df1d8735c6f4406dd417dda915e4aa4e8b1341cfd830d5c
                                    • Instruction ID: 9d73241817dca20f3669dc579ba37bce17f0370a18a43e930aebc6061118590a
                                    • Opcode Fuzzy Hash: 4ee0e180620092350df1d8735c6f4406dd417dda915e4aa4e8b1341cfd830d5c
                                    • Instruction Fuzzy Hash: 24011E35101119FBCB225B66ED09DFFBF6DEF867A0F114125F61991060DB308A41D6A0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F8F8E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 353 3f8f8e-3f8fba LoadStringW vwprintf
                                    C-Code - Quality: 100%
                                    			E003F8F8E(struct HINSTANCE__* _a4, int _a8, void _a12) {
				int _t6;

				LoadStringW(_a4, _a8, 0x3facd8,  *0x3fa390);
				_t6 = vwprintf(0x3facd8,  &_a12); // executed
				return _t6;
			}




                                    0x003f8fa6
                                    0x003f8fb1
                                    0x003f8fba

                                    APIs
                                    • LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                    • vwprintf.MSVCRT ref: 003F8FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadStringvwprintf
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 1051060134-2974366063
                                    • Opcode ID: 23c001520f1fc634ed09e3385c868c28c0ef428e3ee387a4e1995943ffa872b2
                                    • Instruction ID: d4f816ca0f08655fdad39ba44c7739bfd2872e889076ed60eaf40c337f933ce2
                                    • Opcode Fuzzy Hash: 23c001520f1fc634ed09e3385c868c28c0ef428e3ee387a4e1995943ffa872b2
                                    • Instruction Fuzzy Hash: B3D05E3B00821CBB8B131F41EC09DEB3F5DEB46370B044022FA1C46220DA32A911D795
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F4DA0, Relevance: 4.6, APIs: 3, Instructions: 113encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 354 3f4da0-3f4db9 355 3f4dbb-3f4dcf call 3f8f8e 354->355 356 3f4dd4-3f4dda 354->356 367 3f4ef4-3f4ef8 355->367 358 3f4e7b-3f4e81 356->358 359 3f4de0-3f4de6 356->359 360 3f4e9a-3f4ead 358->360 361 3f4e83-3f4e98 358->361 359->360 363 3f4dec-3f4df3 359->363 366 3f4eb3-3f4ebd CertOpenStore 360->366 361->366 364 3f4dfe-3f4e21 call 3f4b58 363->364 365 3f4df5-3f4dfc 363->365 368 3f4e37-3f4e48 364->368 377 3f4e23-3f4e2e call 3f1dc3 364->377 365->364 365->368 370 3f4ebf-3f4ed1 call 3f8f8e 366->370 371 3f4ed3-3f4ed7 call 3f1dc3 366->371 375 3f4e4c-3f4e5d CertSaveStore 368->375 376 3f4e4a 368->376 382 3f4ef1 370->382 379 3f4edc 371->379 380 3f4e63-3f4e65 375->380 376->375 377->368 388 3f4e30-3f4e35 377->388 379->380 383 3f4ede 380->383 384 3f4e67 380->384 382->367 386 3f4ee5-3f4ee7 383->386 387 3f4e6c-3f4e79 call 3f8f8e 384->387 386->382 389 3f4ee9-3f4eeb CertCloseStore 386->389 387->386 388->387 389->382
                                    APIs
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 003F4EEB
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertCloseLoadStoreStringvwprintf
                                    • String ID:
                                    • API String ID: 3929983701-0
                                    • Opcode ID: e66f750d9931efb6ece31cca14283299b6e27c0f4146f1ce2a6cc816b9858e3c
                                    • Instruction ID: fe609e89385f2a9017f718bb5109fd77040c539d89eb7acbe49afccf68807bfb
                                    • Opcode Fuzzy Hash: e66f750d9931efb6ece31cca14283299b6e27c0f4146f1ce2a6cc816b9858e3c
                                    • Instruction Fuzzy Hash: 7231CBB2104B08FAEB275B51FD05D7B7EBDF7A0B90F11411AF708520B0DAB14890DB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F8436, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 392 3f8436-3f8468 __wgetmainargs
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: __wgetmainargs
                                    • String ID:
                                    • API String ID: 1709950718-0
                                    • Opcode ID: e1295ed429457bb1df9b5fbc4e33636b09ca4125c12ff17866ba4bc490f2256c
                                    • Instruction ID: 1ab612d0bc7f2dc965c9c1c6963ccc3d5286076aa7f1821bd755766f7bd1eb8d
                                    • Opcode Fuzzy Hash: e1295ed429457bb1df9b5fbc4e33636b09ca4125c12ff17866ba4bc490f2256c
                                    • Instruction Fuzzy Hash: A0D0C9F0646F0CBFC7039B54AC028733B78A608700B839035F70D52161D3E06050CB13
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 003F57BD, Relevance: 59.9, APIs: 2, Strings: 32, Instructions: 441COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 429 3f57bd-3f57cc 430 3f5ccc-3f5ccd 429->430 431 3f57d2-3f57e0 429->431 432 3f57e3-3f57ea 431->432 433 3f57ec 432->433 434 3f57f3-3f5861 printf call 3f8f8e printf call 3f3272 call 3f8f8e call 3f8fc0 432->434 433->434 443 3f5873-3f5882 call 3f32a1 434->443 444 3f5863-3f586e call 3f28a5 434->444 448 3f5888-3f5894 443->448 449 3f5cb7-3f5cc3 443->449 444->443 450 3f58a9-3f58ba 448->450 451 3f5896-3f58a4 call 3f4881 448->451 449->432 452 3f5cc9-3f5ccb 449->452 454 3f58cf-3f58dd 450->454 455 3f58bc-3f58ca call 3f54fa 450->455 451->449 452->430 458 3f58df-3f58ed call 3f530c 454->458 459 3f58f2-3f5900 454->459 455->449 458->449 462 3f591a-3f5928 459->462 463 3f5902-3f5915 call 3f3228 459->463 464 3f593d-3f594b 462->464 465 3f592a-3f5938 call 3f46f7 462->465 463->449 470 3f595d-3f596b 464->470 471 3f594d-3f595b 464->471 465->449 474 3f597d-3f598b 470->474 475 3f596d-3f597b 470->475 473 3f59db-3f59e0 call 3f55e2 471->473 473->449 477 3f599d-3f59ab 474->477 478 3f598d-3f599b 474->478 475->473 480 3f59bd-3f59cb 477->480 481 3f59ad-3f59bb 477->481 478->473 482 3f59cd-3f59d6 480->482 483 3f59e5-3f59f3 480->483 481->473 482->473 484 3f5a08-3f5a16 483->484 485 3f59f5-3f5a03 call 3f2f08 483->485 487 3f5a2b-3f5a39 484->487 488 3f5a18-3f5a26 call 3f45c9 484->488 485->449 491 3f5a4e-3f5a5c 487->491 492 3f5a3b-3f5a49 call 3f4571 487->492 488->449 495 3f5a5e-3f5a6c call 3f2d86 491->495 496 3f5a71-3f5a7f 491->496 492->449 495->449 498 3f5a99-3f5aa7 496->498 499 3f5a81-3f5a94 call 3f2c72 496->499 503 3f5abc-3f5aca 498->503 504 3f5aa9-3f5ab7 call 3f516d 498->504 499->449 507 3f5adf-3f5aed 503->507 508 3f5acc-3f5ada call 3f2b61 503->508 504->449 511 3f5aef-3f5afd call 3f2bfa 507->511 512 3f5b02-3f5b10 507->512 508->449 511->449 514 3f5b25-3f5b33 512->514 515 3f5b12-3f5b20 call 3f2a90 512->515 519 3f5b48-3f5b56 514->519 520 3f5b35-3f5b43 call 3f2a6e 514->520 515->449 523 3f5b6b-3f5b79 519->523 524 3f5b58-3f5b66 call 3f44a1 519->524 520->449 527 3f5b8e-3f5b9c 523->527 528 3f5b7b-3f5b89 call 3f2ff4 523->528 524->449 530 3f5b9e-3f5bb1 call 3f3155 527->530 531 3f5bb6-3f5bc4 527->531 528->449 530->449 535 3f5bd9-3f5be7 531->535 536 3f5bc6-3f5bd4 531->536 539 3f5bfc-3f5c0a 535->539 540 3f5be9-3f5bf7 535->540 538 3f5c9a-3f5c9f call 3f30d1 536->538 538->449 542 3f5c1c-3f5c2a 539->542 543 3f5c0c-3f5c1a 539->543 540->538 545 3f5c3c-3f5c4a 542->545 546 3f5c2c-3f5c3a 542->546 543->538 547 3f5c5c-3f5c6a 545->547 548 3f5c4c-3f5c5a 545->548 546->538 549 3f5c7c-3f5c8a 547->549 550 3f5c6c-3f5c7a 547->550 548->538 551 3f5c8c-3f5c95 549->551 552 3f5ca1-3f5ca5 549->552 550->538 551->538 552->449 553 3f5ca7-3f5cb2 call 3f28a5 552->553 553->449
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf
                                    • String ID: $1.2.840.113549.1.9.15$1.3.6.1.4.1.311.10.2$1.3.6.1.4.1.311.2.1.10$1.3.6.1.4.1.311.2.1.26$1.3.6.1.4.1.311.2.1.27$2.16.840.1.113730.1.1$2.16.840.1.113730.1.12$2.16.840.1.113730.1.13$2.16.840.1.113730.1.2$2.16.840.1.113730.1.3$2.16.840.1.113730.1.4$2.16.840.1.113730.1.7$2.16.840.1.113730.1.8$2.5.29.1$2.5.29.10$2.5.29.14$2.5.29.15$2.5.29.17$2.5.29.18$2.5.29.19$2.5.29.2$2.5.29.21$2.5.29.31$2.5.29.32$2.5.29.35$2.5.29.37$2.5.29.4$2.5.29.7$2.5.29.8$2.5.4.3$<NULL>
                                    • API String ID: 3524737521-359703846
                                    • Opcode ID: ef2c418dde3e4827f17a219421b901c14121d08fc041694bb54a7f4895a03583
                                    • Instruction ID: 4cfa0871ff8d54de1a2132425bc10adae9c7efab9fc21384fcb918203f327870
                                    • Opcode Fuzzy Hash: ef2c418dde3e4827f17a219421b901c14121d08fc041694bb54a7f4895a03583
                                    • Instruction Fuzzy Hash: DEE1AD3764820CFBEF179E919D41DB67B63EB44320F29C0A1FB091E5A6D7728C61AB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F5CD6, Relevance: 35.5, APIs: 15, Strings: 5, Instructions: 493encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 37%
                                    			E003F5CD6(void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
				signed int _v8;
				char _v28;
				char* _v32;
				void* _v36;
				long* _v40;
				char _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t123;
				void* _t159;
				char* _t171;
				int _t174;
				void* _t179;
				intOrPtr _t188;
				intOrPtr* _t256;
				char* _t257;
				intOrPtr* _t258;
				void* _t261;
				void* _t263;
				void* _t304;
				void* _t305;
				intOrPtr* _t306;
				signed int _t308;
				char* _t309;
				signed int _t311;
				void* _t312;
				void* _t314;
				void* _t315;
				void* _t316;
				void* _t317;

				_t304 = __edx;
				_t123 =  *0x3fa078; // 0x3e25e9e2
				_v8 = _t123 ^ _t311;
				_v40 = _v40 & 0x00000000;
				_t310 = _a4;
				_t256 = 0x14;
				_push(0x1b5c);
				_push( *0x3fa7f8);
				_v36 = _t256;
				E003F8F8E();
				_pop(_t261);
				E003F4254(_t261, _t305,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x34)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x30)), _a8);
				_push(0x1b5d);
				_push( *0x3fa7f8);
				E003F8F8E();
				_pop(_t263);
				E003F4254(_t263, _t305,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x1c)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x18)), _a8);
				E003F8F8E();
				E003F83AA( *((intOrPtr*)(_t310 + 0xc)) + 4);
				printf("\n");
				_t306 = __imp__CertGetCertificateContextProperty;
				 *_t306(_t310, 3,  &_v28,  &_v36,  *0x3fa7f8, 0x1b5e);
				E003F297C("SHA1",  &_v28, _v36);
				_v36 = _t256;
				 *_t306(_t310, 4,  &_v28,  &_v36);
				E003F297C("MD5",  &_v28, _v36);
				CryptAcquireContextA( &_v40, 0, 0, 1, 0);
				if(_v40 != 0) {
					_v36 = _t256;
					__imp__CryptHashPublicKeyInfo(0x8003, 0,  *0x3fa064,  *((intOrPtr*)(_t310 + 0xc)) + 0x38,  &_v28,  &_v36);
					E003F8F8E( *0x3fa7f8, 0x1b5f, _v40);
					E003F297C("MD5",  &_v28, _v36);
					CryptReleaseContext(_v40, 0);
				}
				_v32 = _v32 & 0x00000000;
				 *_t306(_t310, 2, 0,  &_v32);
				if(_v32 == 0) {
					L17:
					E003F8F8E( *0x3fa7f8, 0x1b66, E003F3E22(_t304, _t306,  *((intOrPtr*)(_t310 + 0xc)) + 0x20));
					_t159 = E003F8F8E( *0x3fa7f8, 0x1b67, E003F3E22(_t304, _t306,  *((intOrPtr*)(_t310 + 0xc)) + 0x28));
					_t314 = _t312 + 0x18;
					_t308 = _a8 & 0x00010000;
					if(_t308 != 0) {
						E003F3FFA(_t159, _t310, _a8);
					}
					if(_t308 == 0) {
						L54:
						return E003F86C7(1, _t256, _v8 ^ _t311, _t304, _t308, _t310);
					} else {
						E003F8F8E( *0x3fa7f8, 0x1b68,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)))));
						_t309 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0xc));
						_t315 = _t314 + 0xc;
						if(_t309 == 0) {
							_t309 = "<NULL>";
						}
						_push(0x1b69);
						_push( *0x3fa7f8);
						_push(E003F3272(E003F8F8E(), _t309, 4));
						_push(_t309);
						_t257 = "%s (%S)\n";
						printf(_t257);
						_t316 = _t315 + 0xc;
						_t308 = L"    ";
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x10)) != 0) {
							_push(0x1b6a);
							_push( *0x3fa7f8);
							E003F8F8E();
							E003F28A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x14)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x10)));
						}
						_t171 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x38));
						_v32 = _t171;
						if(_t171 == 0) {
							_v32 = "<NULL>";
						}
						_push(0x1b6b);
						_push( *0x3fa7f8);
						_push(E003F3272(E003F8F8E(), _v32, 3));
						_push(_v32);
						_t174 = printf(_t257);
						_t317 = _t316 + 0xc;
						_v32 = E003F81A9(_t174, _v32, 3);
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x3c)) != 0) {
							_push(0x1b6c);
							_push( *0x3fa7f8);
							E003F8F8E();
							E003F28A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x40)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x3c)));
							if(_v32 == 0x2200) {
								_t259 = E003F82C8( &_v44, 0x27,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x40)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x3c)),  &_v44);
								if(_t219 != 0) {
									E003F8F8E( *0x3fa7f8, 0x1b6d,  *_t259);
									E003F8F8E( *0x3fa7f8, 0x1b6e,  *_t259 << 3);
									_t317 = _t317 + 0x18;
									E003F28A5(_t308, _t259[1],  *_t259);
									_push(0x1b6f);
									E003F8F8E();
									E003F28A5(_t308, _t259[3], _t259[2]);
									E003F8F8E( *0x3fa7f8, 0x1b70,  *0x3fa7f8);
									E003F8F35(E003F28A5(_t308, _t259[5], _t259[4]), _t259);
								}
							}
						}
						E003F8F8E();
						_t179 =  *((intOrPtr*)(_t310 + 0xc)) + 0x38;
						__imp__CertGetPublicKeyLength( *0x3fa064, _t179,  *0x3fa7f8, 0x1b71);
						if(_t179 != 0) {
							E003F8F8E( *0x3fa7f8, 0x1b72, _t179);
							_t317 = _t317 + 0xc;
						}
						_t181 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x4c));
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x4c)) != 0) {
							E003F8F8E( *0x3fa7f8, 0x1b73, _t181);
							_t317 = _t317 + 0xc;
						}
						printf("\n");
						_t183 =  *((intOrPtr*)(_t310 + 0xc));
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x44)) == 0) {
							_push(0x1b76);
							_push( *0x3fa7f8);
							E003F8F8E();
							goto L44;
						} else {
							E003F28A5(_t308,  *((intOrPtr*)(_t183 + 0x48)),  *((intOrPtr*)(_t183 + 0x44)));
							if(_v32 == 0x2400 || _v32 == 0xa400) {
								_push(0x1b74);
								_push( *0x3fa7f8);
								E003F8F8E();
								_t258 = E003F82C8( &_v32, 0x13,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x44)),  &_v32);
								if(_t258 == 0) {
									goto L44;
								}
								_push(_v32);
								_push(_t258);
								goto L40;
							} else {
								if(_v32 != 0x2200) {
									L44:
									_push(_a8);
									E003F40DE( *((intOrPtr*)(_t310 + 4)),  *((intOrPtr*)(_t310 + 8)));
									_t256 = 0;
									if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x50)) != 0) {
										_push(0x1b77);
										_push( *0x3fa7f8);
										E003F8F8E();
										_t199 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x58));
										if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x58)) != 0) {
											E003F8F8E( *0x3fa7f8, 0x1b73, _t199);
											_t317 = _t317 + 0xc;
										}
										printf("\n");
										E003F28A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x54)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x50)));
									}
									if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x5c)) != _t256) {
										_push(0x1b78);
										_push( *0x3fa7f8);
										E003F8F8E();
										_t192 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x64));
										if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x64)) != _t256) {
											E003F8F8E( *0x3fa7f8, 0x1b73, _t192);
										}
										printf("\n");
										E003F28A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x60)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x5c)));
									}
									_t188 =  *((intOrPtr*)(_t310 + 0xc));
									if( *((intOrPtr*)(_t188 + 0x68)) != _t256) {
										_t310 = _t188;
										E003F57BD( *((intOrPtr*)(_t188 + 0x68)),  *((intOrPtr*)(_t188 + 0x6c)), _a8);
									}
									goto L54;
								}
								_push(0x1b75);
								_push( *0x3fa7f8);
								E003F8F8E();
								_t258 = E003F82C8( &_v44, 0x26,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x44)),  &_v44);
								if(_t258 == 0) {
									goto L44;
								}
								_push( *_t258);
								_push( *((intOrPtr*)(_t258 + 4)));
								L40:
								_push(_t308);
								E003F8F35(E003F28A5(), _t258);
								goto L44;
							}
						}
					}
				}
				_t256 = E003F9241(_v32, 0, 0);
				if(_t256 == 0) {
					goto L17;
				}
				_push( &_v32);
				_push(_t256);
				_push(2);
				_push(_t310);
				if( *_t306() == 0) {
					L16:
					E003F8F35(_t235, _t256);
					goto L17;
				}
				E003F8F8E( *0x3fa7f8, 0x1b60,  *((intOrPtr*)(_t256 + 8)));
				_t238 =  *((intOrPtr*)(_t256 + 4));
				_t312 = _t312 + 0xc;
				if( *((intOrPtr*)(_t256 + 4)) != 0) {
					E003F8F8E( *0x3fa7f8, 0x1b61, _t238);
					_t312 = _t312 + 0xc;
				}
				_t239 =  *((intOrPtr*)(_t256 + 0xc));
				if( *((intOrPtr*)(_t256 + 0xc)) != 0) {
					E003F8F8E( *0x3fa7f8, 0x1b62, _t239);
					_t312 = _t312 + 0xc;
				}
				_t240 =  *_t256;
				if( *_t256 != 0) {
					E003F8F8E( *0x3fa7f8, 0x1b63, _t240);
					_t312 = _t312 + 0xc;
				}
				_t241 =  *((intOrPtr*)(_t256 + 0x10));
				if( *((intOrPtr*)(_t256 + 0x10)) != 0) {
					E003F8F8E( *0x3fa7f8, 0x1bc2, _t241);
					_t312 = _t312 + 0xc;
				}
				_t242 =  *((intOrPtr*)(_t256 + 0x18));
				if( *((intOrPtr*)(_t256 + 0x18)) != 0) {
					E003F8F8E( *0x3fa7f8, 0x1b65, _t242);
					_t312 = _t312 + 0xc;
				}
				_t235 = printf("\n");
				goto L16;
			}


































                                    0x003f5cd6
                                    0x003f5cde
                                    0x003f5ce5
                                    0x003f5ce8
                                    0x003f5cee
                                    0x003f5cf4
                                    0x003f5cf5
                                    0x003f5cfa
                                    0x003f5d00
                                    0x003f5d03
                                    0x003f5d0c
                                    0x003f5d16
                                    0x003f5d1b
                                    0x003f5d20
                                    0x003f5d26
                                    0x003f5d2f
                                    0x003f5d39
                                    0x003f5d49
                                    0x003f5d57
                                    0x003f5d61
                                    0x003f5d67
                                    0x003f5d79
                                    0x003f5d87
                                    0x003f5d97
                                    0x003f5d9a
                                    0x003f5da8
                                    0x003f5db8
                                    0x003f5dc2
                                    0x003f5dd9
                                    0x003f5de6
                                    0x003f5df7
                                    0x003f5e0a
                                    0x003f5e14
                                    0x003f5e14
                                    0x003f5e1a
                                    0x003f5e27
                                    0x003f5e2e
                                    0x003f5f08
                                    0x003f5f20
                                    0x003f5f40
                                    0x003f5f48
                                    0x003f5f4b
                                    0x003f5f51
                                    0x003f5f57
                                    0x003f5f57
                                    0x003f5f5e
                                    0x003f62ee
                                    0x003f62ff
                                    0x003f5f64
                                    0x003f5f74
                                    0x003f5f7c
                                    0x003f5f7f
                                    0x003f5f84
                                    0x003f5f86
                                    0x003f5f86
                                    0x003f5f8b
                                    0x003f5f90
                                    0x003f5fa5
                                    0x003f5fa6
                                    0x003f5fa7
                                    0x003f5fad
                                    0x003f5fb6
                                    0x003f5fbd
                                    0x003f5fc2
                                    0x003f5fc4
                                    0x003f5fc9
                                    0x003f5fcf
                                    0x003f5fe0
                                    0x003f5fe0
                                    0x003f5fe8
                                    0x003f5feb
                                    0x003f5ff0
                                    0x003f5ff2
                                    0x003f5ff2
                                    0x003f5ff9
                                    0x003f5ffe
                                    0x003f6015
                                    0x003f6016
                                    0x003f601a
                                    0x003f6020
                                    0x003f602d
                                    0x003f6037
                                    0x003f603d
                                    0x003f6042
                                    0x003f6048
                                    0x003f6059
                                    0x003f6065
                                    0x003f607f
                                    0x003f6083
                                    0x003f6099
                                    0x003f60a9
                                    0x003f60ae
                                    0x003f60b7
                                    0x003f60bc
                                    0x003f60c7
                                    0x003f60d5
                                    0x003f60e5
                                    0x003f60f9
                                    0x003f60f9
                                    0x003f6083
                                    0x003f6065
                                    0x003f6109
                                    0x003f6113
                                    0x003f611d
                                    0x003f6125
                                    0x003f6133
                                    0x003f6138
                                    0x003f6138
                                    0x003f613e
                                    0x003f6143
                                    0x003f6151
                                    0x003f6156
                                    0x003f6156
                                    0x003f615e
                                    0x003f6164
                                    0x003f616c
                                    0x003f620e
                                    0x003f6213
                                    0x003f6219
                                    0x00000000
                                    0x003f6172
                                    0x003f6179
                                    0x003f6185
                                    0x003f61dc
                                    0x003f61e1
                                    0x003f61e7
                                    0x003f6202
                                    0x003f6206
                                    0x00000000
                                    0x00000000
                                    0x003f6208
                                    0x003f620b
                                    0x00000000
                                    0x003f6190
                                    0x003f6197
                                    0x003f6220
                                    0x003f6220
                                    0x003f6229
                                    0x003f6231
                                    0x003f6236
                                    0x003f6238
                                    0x003f623d
                                    0x003f6243
                                    0x003f624b
                                    0x003f6252
                                    0x003f6260
                                    0x003f6265
                                    0x003f6265
                                    0x003f626d
                                    0x003f627e
                                    0x003f627e
                                    0x003f6289
                                    0x003f628b
                                    0x003f6290
                                    0x003f6296
                                    0x003f629e
                                    0x003f62a5
                                    0x003f62b3
                                    0x003f62b8
                                    0x003f62c0
                                    0x003f62d1
                                    0x003f62d1
                                    0x003f62d6
                                    0x003f62dc
                                    0x003f62e1
                                    0x003f62e9
                                    0x003f62e9
                                    0x00000000
                                    0x003f62dc
                                    0x003f619d
                                    0x003f61a2
                                    0x003f61a8
                                    0x003f61c3
                                    0x003f61c7
                                    0x00000000
                                    0x00000000
                                    0x003f61c9
                                    0x003f61cb
                                    0x003f61ce
                                    0x003f61ce
                                    0x003f61d5
                                    0x00000000
                                    0x003f61d5
                                    0x003f6185
                                    0x003f616c
                                    0x003f5f5e
                                    0x003f5e3e
                                    0x003f5e42
                                    0x00000000
                                    0x00000000
                                    0x003f5e4b
                                    0x003f5e4c
                                    0x003f5e4d
                                    0x003f5e4f
                                    0x003f5e54
                                    0x003f5f02
                                    0x003f5f03
                                    0x00000000
                                    0x003f5f03
                                    0x003f5e68
                                    0x003f5e6d
                                    0x003f5e70
                                    0x003f5e75
                                    0x003f5e83
                                    0x003f5e88
                                    0x003f5e88
                                    0x003f5e8b
                                    0x003f5e90
                                    0x003f5e9e
                                    0x003f5ea3
                                    0x003f5ea3
                                    0x003f5ea6
                                    0x003f5eaa
                                    0x003f5eb8
                                    0x003f5ebd
                                    0x003f5ebd
                                    0x003f5ec0
                                    0x003f5ec5
                                    0x003f5ed3
                                    0x003f5ed8
                                    0x003f5ed8
                                    0x003f5edb
                                    0x003f5ee0
                                    0x003f5eee
                                    0x003f5ef3
                                    0x003f5ef3
                                    0x003f5efb
                                    0x00000000

                                    APIs
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                      • Part of subcall function 003F4254: printf.MSVCRT ref: 003F42F5
                                      • Part of subcall function 003F4254: printf.MSVCRT ref: 003F4324
                                      • Part of subcall function 003F4254: CertRDNValueToStrA.CRYPT32(?,?,00000000,00000000), ref: 003F4338
                                      • Part of subcall function 003F4254: CertRDNValueToStrA.CRYPT32(?,?,00000000,?), ref: 003F435E
                                      • Part of subcall function 003F4254: printf.MSVCRT ref: 003F4378
                                      • Part of subcall function 003F4254: CertRDNValueToStrW.CRYPT32(?,?,00000000,00000000), ref: 003F4396
                                    • printf.MSVCRT ref: 003F5D61
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000003,?,?), ref: 003F5D79
                                      • Part of subcall function 003F297C: printf.MSVCRT ref: 003F29B0
                                      • Part of subcall function 003F297C: printf.MSVCRT ref: 003F29F0
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000004,?,?), ref: 003F5D9A
                                      • Part of subcall function 003F297C: printf.MSVCRT ref: 003F29E3
                                    • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,00000000), ref: 003F5DB8
                                    • CryptHashPublicKeyInfo.CRYPT32(00000000,00008003,00000000,?,?,?), ref: 003F5DE6
                                      • Part of subcall function 003F297C: printf.MSVCRT ref: 003F29D2
                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 003F5E14
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000002,00000000,00000000), ref: 003F5E27
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000002,00000000,00000000), ref: 003F5E50
                                    • printf.MSVCRT ref: 003F5EFB
                                    • printf.MSVCRT ref: 003F5FAD
                                    • CertGetPublicKeyLength.CRYPT32(?,00000003), ref: 003F611D
                                    • printf.MSVCRT ref: 003F615E
                                    • printf.MSVCRT ref: 003F626D
                                    • printf.MSVCRT ref: 003F62C0
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 003F82FF
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 003F832B
                                    • printf.MSVCRT ref: 003F601A
                                      • Part of subcall function 003F28A5: wprintf.MSVCRT ref: 003F28E2
                                      • Part of subcall function 003F28A5: wprintf.MSVCRT ref: 003F2907
                                      • Part of subcall function 003F28A5: wprintf.MSVCRT ref: 003F291E
                                      • Part of subcall function 003F28A5: wprintf.MSVCRT ref: 003F2929
                                      • Part of subcall function 003F28A5: wprintf.MSVCRT ref: 003F2949
                                      • Part of subcall function 003F28A5: wprintf.MSVCRT ref: 003F2963
                                      • Part of subcall function 003F8F35: free.MSVCRT(00000000,?,003F92E1,003F1A8A,?,00000000,?,?,003F1A8A), ref: 003F8F43
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$Cert$Contextwprintf$Crypt$CertificateProperty$Value$DecodeObjectPublic$AcquireHashInfoLengthLoadReleaseStringfreevwprintf
                                    • String ID: $%s (%S)$<NULL>$MD5$SHA1
                                    • API String ID: 110794591-2100278587
                                    • Opcode ID: f39fe9d6f4042327009c02c9562d9cbe87505e5b7d2d7d16c68582e9b67f4db9
                                    • Instruction ID: 8c9807cda6d004c2d864ef9ead07ef949134538cb7ed47bce7221d6bbd7d125e
                                    • Opcode Fuzzy Hash: f39fe9d6f4042327009c02c9562d9cbe87505e5b7d2d7d16c68582e9b67f4db9
                                    • Instruction Fuzzy Hash: 28F1BC71500609FFEB17AF90EC42EBE77BAEB04310F054424F715AA1A2EB72A964DB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F1A5B, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190encryptionstringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 17%
                                    			E003F1A5B(void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char* _v8;
				char* _v12;
				char* _v16;
				char* _v20;
				char _v24;
				char* _v28;
				char* _v32;
				intOrPtr _v36;
				char _v40;
				char* _t71;
				char* _t80;
				char _t82;
				char* _t84;
				intOrPtr* _t86;
				signed int _t88;
				char* _t89;
				char* _t90;
				char* _t94;
				intOrPtr* _t96;
				signed int* _t97;
				signed int _t98;
				intOrPtr* _t99;

				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				_v16 = 0;
				_v12 = 0;
				_v20 = 0;
				_v8 = 0;
				if(E003F9279( *0x3fa824,  &_v16) == 0) {
					_t84 = ",";
					if(strtok(_v16, _t84) == 0) {
						L5:
						_push(2);
						_t58 = 0;
						asm("repe cmpsb");
						if(0 != 0) {
							asm("sbb eax, eax");
							asm("sbb eax, 0xffffffff");
						}
						if(_t58 != 0) {
							L27:
							if(_v16 != 0) {
								_t58 = E003F8F35(_t58, _v16);
							}
							_t94 = _v20;
							if(_t94 != 0) {
								_t61 =  *((intOrPtr*)(_t94 + 4));
								if( *((intOrPtr*)(_t94 + 4)) != 0) {
									_t61 = E003F8F35(_t61, _t61);
								}
								_t58 = E003F8F35(_t61, _t94);
							}
							if(_v28 != 0) {
								E003F8F35(_t58, _v28);
							}
							if(_v8 != 0) {
								__imp__CertFreeCertificateContext(_v8);
							}
							return _v32;
						} else {
							L20:
							_t86 = __imp__CertEnumCertificatesInStore;
							_t58 =  *_t86(_a4, 0);
							_v8 = _t58;
							if(_t58 == 0) {
								L26:
								_v32 = 1;
								goto L27;
							}
							_t96 = __imp__CertSetCertificateContextProperty;
							while(1) {
								_push(0);
								_push(0);
								_push(9);
								_push(_v8);
								if( *_t96() == 0) {
									goto L27;
								}
								if(_v12 == 0) {
									L25:
									_t58 =  *_t86(_a4, _v8);
									_v8 = _t58;
									if(_t58 != 0) {
										continue;
									}
									goto L26;
								}
								_v40 = _v24;
								_v36 = _v28;
								_push( &_v40);
								_push(0);
								_push(9);
								_push(_v8);
								if( *_t96() == 0) {
									goto L27;
								}
								goto L25;
							}
							goto L27;
						}
					} else {
						goto L3;
					}
					do {
						L3:
						_v12 =  &(_v12[1]);
					} while (strtok(0, _t84) != 0);
					if(_v12 != 0) {
						_t97 = E003F9241(8, 0, 0);
						_v20 = _t97;
						if(_t97 == 0) {
							goto L27;
						}
						_t58 = 0;
						asm("stosd");
						asm("stosd");
						_t88 = _v12;
						if(_t88 <= 0x1fffffff) {
							 *_t97 = _t88;
							_t58 = E003F9241(_t88 << 2, 0, 0);
							_t97[1] = 0;
							if(0 == 0) {
								goto L27;
							}
							_t80 = _v16;
							_t98 = 0;
							if(_t88 <= 0) {
								L17:
								_t99 = __imp__CryptEncodeObject;
								_push( &_v24);
								_push(0);
								_push(_v20);
								_t89 = "2.5.29.37";
								_push(_t89);
								_push(1);
								if( *_t99() == 0) {
									goto L27;
								}
								_t58 = E003F9241(_v24, 0, 0);
								_v28 = _t58;
								if(_t58 == 0) {
									goto L27;
								}
								_push( &_v24);
								_push(_t58);
								_push(_v20);
								_push(_t89);
								_push(1);
								if( *_t99() == 0) {
									goto L27;
								}
								goto L20;
							} else {
								goto L14;
							}
							do {
								L14:
								 *(_v20[1] + _t98 * 4) = _t80;
								_t71 = _t80;
								_t90 =  &(_t71[1]);
								do {
									_t82 =  *_t71;
									_t71 =  &(_t71[1]);
								} while (_t82 != 0);
								_t98 = _t98 + 1;
								_t80 =  &(_t80[_t71 - _t90 + 1]);
							} while (_t98 < _v12);
							goto L17;
						}
						SetLastError(0x80070057);
						goto L27;
					}
					goto L5;
				}
				return 0;
			}

























                                    0x003f1a70
                                    0x003f1a73
                                    0x003f1a76
                                    0x003f1a79
                                    0x003f1a7c
                                    0x003f1a7f
                                    0x003f1a82
                                    0x003f1a8c
                                    0x003f1a9d
                                    0x003f1aac
                                    0x003f1ac0
                                    0x003f1ac3
                                    0x003f1ac6
                                    0x003f1ac8
                                    0x003f1aca
                                    0x003f1acc
                                    0x003f1ace
                                    0x003f1ace
                                    0x003f1ad3
                                    0x003f1bf4
                                    0x003f1bf7
                                    0x003f1bfc
                                    0x003f1bfc
                                    0x003f1c01
                                    0x003f1c06
                                    0x003f1c08
                                    0x003f1c0d
                                    0x003f1c10
                                    0x003f1c10
                                    0x003f1c16
                                    0x003f1c16
                                    0x003f1c20
                                    0x003f1c25
                                    0x003f1c25
                                    0x003f1c2d
                                    0x003f1c32
                                    0x003f1c32
                                    0x00000000
                                    0x003f1ad9
                                    0x003f1b97
                                    0x003f1b97
                                    0x003f1ba1
                                    0x003f1ba3
                                    0x003f1ba8
                                    0x003f1bed
                                    0x003f1bed
                                    0x00000000
                                    0x003f1bed
                                    0x003f1baa
                                    0x003f1bb0
                                    0x003f1bb0
                                    0x003f1bb1
                                    0x003f1bb2
                                    0x003f1bb4
                                    0x003f1bbb
                                    0x00000000
                                    0x00000000
                                    0x003f1bc0
                                    0x003f1bde
                                    0x003f1be4
                                    0x003f1be6
                                    0x003f1beb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f1beb
                                    0x003f1bc5
                                    0x003f1bcb
                                    0x003f1bd1
                                    0x003f1bd2
                                    0x003f1bd3
                                    0x003f1bd5
                                    0x003f1bdc
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f1bdc
                                    0x00000000
                                    0x003f1bb0
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f1aae
                                    0x003f1aae
                                    0x003f1aae
                                    0x003f1ab7
                                    0x003f1abe
                                    0x003f1ae7
                                    0x003f1ae9
                                    0x003f1aee
                                    0x00000000
                                    0x00000000
                                    0x003f1af4
                                    0x003f1af8
                                    0x003f1af9
                                    0x003f1afa
                                    0x003f1b03
                                    0x003f1b1d
                                    0x003f1b1f
                                    0x003f1b24
                                    0x003f1b29
                                    0x00000000
                                    0x00000000
                                    0x003f1b2f
                                    0x003f1b32
                                    0x003f1b36
                                    0x003f1b59
                                    0x003f1b59
                                    0x003f1b62
                                    0x003f1b63
                                    0x003f1b64
                                    0x003f1b67
                                    0x003f1b6c
                                    0x003f1b6d
                                    0x003f1b73
                                    0x00000000
                                    0x00000000
                                    0x003f1b7a
                                    0x003f1b7f
                                    0x003f1b84
                                    0x00000000
                                    0x00000000
                                    0x003f1b89
                                    0x003f1b8a
                                    0x003f1b8b
                                    0x003f1b8e
                                    0x003f1b8f
                                    0x003f1b95
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f1b38
                                    0x003f1b38
                                    0x003f1b3e
                                    0x003f1b41
                                    0x003f1b43
                                    0x003f1b46
                                    0x003f1b46
                                    0x003f1b48
                                    0x003f1b49
                                    0x003f1b4f
                                    0x003f1b50
                                    0x003f1b54
                                    0x00000000
                                    0x003f1b38
                                    0x003f1b0a
                                    0x00000000
                                    0x003f1b0a
                                    0x00000000
                                    0x003f1abe
                                    0x00000000

                                    APIs
                                    • strtok.MSVCRT ref: 003F1AA6
                                    • strtok.MSVCRT ref: 003F1AB3
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 003F1BA1
                                    • CertSetCertificateContextProperty.CRYPT32(?,00000009,00000000,00000000), ref: 003F1BB7
                                    • CertSetCertificateContextProperty.CRYPT32(?,00000009,00000000,?), ref: 003F1BD8
                                    • CertEnumCertificatesInStore.CRYPT32(?,?), ref: 003F1BE4
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 003F1C32
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$CertificateContext$CertificatesEnumPropertyStorestrtok$Free
                                    • String ID: 2.5.29.37
                                    • API String ID: 2615395459-3842544949
                                    • Opcode ID: e95e447e3ad442bac6164b0ed267a14e7e88d23edb9b1bb8d717d10488fa6a7c
                                    • Instruction ID: c989dbd0c77aef2cfe646f4073264ec593d169da50aaed19e9b7c22c9d7a3757
                                    • Opcode Fuzzy Hash: e95e447e3ad442bac6164b0ed267a14e7e88d23edb9b1bb8d717d10488fa6a7c
                                    • Instruction Fuzzy Hash: 9B515A72D0011EEFCF229FE5AD809BEBBB9EB58340F15446AE611B7150E7319E419B60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F644E, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 205encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 32%
                                    			E003F644E(void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				char* _v24;
				void* __ebx;
				void* __esi;
				char* _t50;
				char* _t58;
				void* _t82;
				int _t84;
				void* _t96;
				void* _t97;
				void* _t110;
				char* _t111;
				char* _t112;
				char* _t113;
				void* _t116;
				intOrPtr* _t117;
				intOrPtr* _t118;
				void* _t119;
				void* _t120;
				void* _t121;

				_t110 = __edx;
				_t111 = 0;
				_v24 = 0;
				_v16 = 0;
				_v8 = 0;
				if(_a4 != 0) {
					_t50 =  &_v16;
					_v12 = 4;
					__imp__CryptMsgGetParam(_a4, 5, 0, _t50,  &_v12);
					__eflags = _t50;
					if(_t50 != 0) {
						__eflags = _v16;
						if(_v16 != 0) {
							_v8 = 0;
							__eflags = _v16;
							if(_v16 <= 0) {
								L24:
								_v24 = 1;
								L25:
								return _v24;
							}
							_t96 = printf;
							while(1) {
								E003F8F8E( *0x3fa7f8, 0x1b8b, _v8 + 1);
								_t120 = _t119 + 0xc;
								_t116 = E003F81D0(_t97, _a4, 6, _v8,  &_v12);
								__eflags = _t116 - _t111;
								if(_t116 != _t111) {
									_t112 =  *((intOrPtr*)(_t116 + 0x14));
									__eflags = _t112;
									if(_t112 == 0) {
										_t112 = "<NULL>";
									}
									_push(0x1c15);
									_push( *0x3fa7f8);
									_push(E003F3272(E003F8F8E(), _t112, 1));
									_push(_t112);
									printf("%s (%S)\n");
									_t121 = _t120 + 0xc;
									__eflags =  *((intOrPtr*)(_t116 + 0x18));
									if( *((intOrPtr*)(_t116 + 0x18)) != 0) {
										_push(0x1c16);
										_push( *0x3fa7f8);
										E003F8F8E();
										E003F28A5(L"    ",  *((intOrPtr*)(_t116 + 0x1c)),  *((intOrPtr*)(_t116 + 0x18)));
									}
									_t113 =  *((intOrPtr*)(_t116 + 0x20));
									__eflags = _t113;
									if(_t113 == 0) {
										_t113 = "<NULL>";
									}
									_push(0x1c17);
									_push( *0x3fa7f8);
									_t82 = E003F8F8E();
									_pop(_t97);
									_push(E003F3272(_t82, _t113, 4));
									_push(_t113);
									_t84 = printf("%s (%S)\n");
									_t120 = _t121 + 0xc;
									__eflags =  *((intOrPtr*)(_t116 + 0x24));
									if( *((intOrPtr*)(_t116 + 0x24)) != 0) {
										_push(0x1c18);
										_push( *0x3fa7f8);
										E003F8F8E();
										_pop(_t97);
										_t84 = E003F28A5(L"    ",  *((intOrPtr*)(_t116 + 0x28)),  *((intOrPtr*)(_t116 + 0x24)));
									}
									E003F8F35(_t84, _t116);
									_t111 = 0;
									__eflags = 0;
								}
								_t58 =  &_v20;
								__imp__CryptMsgGetAndVerifySigner(_a4, _t111, _t111, 4, _t58,  &_v8);
								__eflags = _t58;
								if(__eflags == 0) {
									break;
								}
								E003F8F8E( *0x3fa7f8, 0x1c19, _v8 + 1);
								_t119 = _t120 + 0xc;
								E003F5CD6(_t110, __eflags, _v20, _a8);
								__imp__CertFreeCertificateContext(_v20);
								_t117 = E003F81D0(_t97, _a4, 9, _v8,  &_v12);
								__eflags = _t117 - _t111;
								if(_t117 != _t111) {
									_t75 = _v8 + 1;
									__eflags = _v8 + 1;
									E003F8F8E( *0x3fa7f8, 0x1b8c, _t75);
									_t119 = _t119 + 0xc;
									E003F8F35(E003F560E(_t96, _t110, _t117,  *_t117,  *((intOrPtr*)(_t117 + 4)), _a8), _t117);
								}
								_t118 = E003F81D0(_t97, _a4, 0xa, _v8,  &_v12);
								__eflags = _t118 - _t111;
								if(_t118 != _t111) {
									_t70 = _v8 + 1;
									__eflags = _v8 + 1;
									E003F8F8E( *0x3fa7f8, 0x1b8d, _t70);
									_t119 = _t119 + 0xc;
									E003F8F35(E003F560E(_t96, _t110, _t118,  *_t118,  *((intOrPtr*)(_t118 + 4)), _a8), _t118);
								}
								_v8 = _v8 + 1;
								__eflags = _v8 - _v16;
								if(_v8 < _v16) {
									continue;
								} else {
									goto L24;
								}
							}
							_push(0x17d3);
							_push( *0x3fa7f8);
							E003F8F8E();
							goto L25;
						}
						_push(0x1b8a);
						_push( *0x3fa7f8);
						E003F8F8E();
						return 1;
					}
					_push(0x17d2);
					_push( *0x3fa7f8);
					E003F8F8E();
				}
				return 0;
			}


























                                    0x003f644e
                                    0x003f6457
                                    0x003f6459
                                    0x003f645c
                                    0x003f645f
                                    0x003f6465
                                    0x003f6472
                                    0x003f647c
                                    0x003f6483
                                    0x003f6489
                                    0x003f648b
                                    0x003f64a1
                                    0x003f64a4
                                    0x003f64c2
                                    0x003f64c5
                                    0x003f64c8
                                    0x003f669f
                                    0x003f669f
                                    0x003f66a6
                                    0x00000000
                                    0x003f66aa
                                    0x003f64ce
                                    0x003f64d4
                                    0x003f64e4
                                    0x003f64e9
                                    0x003f64fd
                                    0x003f64ff
                                    0x003f6501
                                    0x003f6507
                                    0x003f650a
                                    0x003f650c
                                    0x003f650e
                                    0x003f650e
                                    0x003f6513
                                    0x003f6518
                                    0x003f652d
                                    0x003f652e
                                    0x003f6534
                                    0x003f6536
                                    0x003f6539
                                    0x003f653d
                                    0x003f653f
                                    0x003f6544
                                    0x003f654a
                                    0x003f655c
                                    0x003f655c
                                    0x003f6561
                                    0x003f6564
                                    0x003f6566
                                    0x003f6568
                                    0x003f6568
                                    0x003f656d
                                    0x003f6572
                                    0x003f6578
                                    0x003f657e
                                    0x003f6587
                                    0x003f6588
                                    0x003f658e
                                    0x003f6590
                                    0x003f6593
                                    0x003f6597
                                    0x003f6599
                                    0x003f659e
                                    0x003f65a4
                                    0x003f65aa
                                    0x003f65b6
                                    0x003f65b6
                                    0x003f65bc
                                    0x003f65c1
                                    0x003f65c1
                                    0x003f65c1
                                    0x003f65c7
                                    0x003f65d2
                                    0x003f65d8
                                    0x003f65da
                                    0x00000000
                                    0x00000000
                                    0x003f65f0
                                    0x003f65f5
                                    0x003f65fe
                                    0x003f6606
                                    0x003f661d
                                    0x003f661f
                                    0x003f6621
                                    0x003f6626
                                    0x003f6626
                                    0x003f6633
                                    0x003f6638
                                    0x003f6649
                                    0x003f6649
                                    0x003f665f
                                    0x003f6661
                                    0x003f6663
                                    0x003f6668
                                    0x003f6668
                                    0x003f6675
                                    0x003f667a
                                    0x003f668b
                                    0x003f668b
                                    0x003f6690
                                    0x003f6696
                                    0x003f6699
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f6699
                                    0x003f66b0
                                    0x003f66b5
                                    0x003f66bb
                                    0x00000000
                                    0x003f66c1
                                    0x003f64a6
                                    0x003f64ab
                                    0x003f64b1
                                    0x00000000
                                    0x003f64ba
                                    0x003f648d
                                    0x003f6492
                                    0x003f6498
                                    0x003f649e
                                    0x00000000

                                    APIs
                                    • CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 003F6483
                                    • printf.MSVCRT ref: 003F6534
                                    • printf.MSVCRT ref: 003F658E
                                    • CryptMsgGetAndVerifySigner.CRYPT32(00000004,00000000,00000000,00000004,?,?), ref: 003F65D2
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cryptprintf$LoadParamSignerStringVerifyvwprintf
                                    • String ID: $%s (%S)$<NULL>
                                    • API String ID: 4044473539-2923719891
                                    • Opcode ID: ebf3b88343992b7cdee1c569df56e079634ffcaa42623e7d4cf897daeed33bb9
                                    • Instruction ID: 7da75de6fd1e18f4a72e4019ccd16378b746964a4fd56aa35e4f5a5515a5d59a
                                    • Opcode Fuzzy Hash: ebf3b88343992b7cdee1c569df56e079634ffcaa42623e7d4cf897daeed33bb9
                                    • Instruction Fuzzy Hash: 9F61927294060CFEDB13AF90ED02DBEBBBAEB44710F110415F715AA0A1DB729A91EB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F3C7E, Relevance: 13.6, APIs: 9, Instructions: 144encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptSIPRetrieveSubjectGuid.CRYPT32(?,00000000,?), ref: 003F3CAE
                                    • CryptSIPLoad.CRYPT32(?,00000000,?), ref: 003F3CD5
                                    • memset.MSVCRT ref: 003F3CEE
                                      • Part of subcall function 003F9241: malloc.MSVCRT ref: 003F924A
                                    • CertOpenStore.CRYPT32(00000005,00000000,00000000,?), ref: 003F3D7E
                                    • CryptMsgOpenToDecode.CRYPT32(00000000,?,00000000,00000000,00000000), ref: 003F3DB0
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 003F3DC1
                                    • CryptMsgUpdate.CRYPT32(00000000,?,?,00000001), ref: 003F3DD5
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 003F3DE1
                                    • CryptMsgClose.CRYPT32 ref: 003F3DF0
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Crypt$CertCloseStore$Open$DecodeGuidLoadRetrieveSubjectUpdatemallocmemset
                                    • String ID:
                                    • API String ID: 2179762507-0
                                    • Opcode ID: 4e2b531ce1d2ca39fe334a2eb7f4a428bf214d33085f48f2ec39ab610e0826d5
                                    • Instruction ID: 39e052b29481614412622fc0ac23d27222dead59a57853832f3f28e0c6a7e618
                                    • Opcode Fuzzy Hash: 4e2b531ce1d2ca39fe334a2eb7f4a428bf214d33085f48f2ec39ab610e0826d5
                                    • Instruction Fuzzy Hash: 3A51E9B190121DABDB129FA5ED45AFFBFBCEF49750F000026F609E2151DB349A45CBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F32A1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptGetOIDFunctionAddress.CRYPT32(?,00000000,?,?), ref: 003F32EF
                                    • wprintf.MSVCRT ref: 003F334F
                                    • CryptFreeOIDFunctionAddress.CRYPT32(?,00000000), ref: 003F336E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: AddressCryptFunction$Freewprintf
                                    • String ID: %s
                                    • API String ID: 1836932162-620797490
                                    • Opcode ID: 7a3d3fd2335952bcfd6191ba71b63df02950e30a23e9ac22f77ee0e28c3a2ea3
                                    • Instruction ID: e83bf1441f96c2b2cd489ce7f40238a0e420e634a6b6061cb52827846d61eab8
                                    • Opcode Fuzzy Hash: 7a3d3fd2335952bcfd6191ba71b63df02950e30a23e9ac22f77ee0e28c3a2ea3
                                    • Instruction Fuzzy Hash: D421F27690022DFFDB228F95ED48DFFBFBDEB44790B14402AB61491120DB318A50DBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F2FF4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(2.5.29.21,?,?,00000000,?,?), ref: 003F301C
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • printf.MSVCRT ref: 003F3097
                                    • printf.MSVCRT ref: 003F30A0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CryptDecodeLoadObjectStringvwprintf
                                    • String ID: 2.5.29.21
                                    • API String ID: 1886321042-359661889
                                    • Opcode ID: fa7476c831aaf488c8ea0160e61655c17c82ec583a89e9a05929698934acae77
                                    • Instruction ID: 9a60aa38c87357ad0ca9db49f3cf0e1cea3976b2a8fe9c4d2334e5abd796905f
                                    • Opcode Fuzzy Hash: fa7476c831aaf488c8ea0160e61655c17c82ec583a89e9a05929698934acae77
                                    • Instruction Fuzzy Hash: 15015BB524820EFAE7235B90FC02EF9776DEB00B54F20806BB713695D0EFB1A705A651
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F17F3, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetModuleHandleA.KERNEL32(00000000,003F7EB0), ref: 003F17F5
                                    • CryptInitOIDFunctionSet.CRYPT32(CryptDllFormatObject,00000000), ref: 003F180E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptFunctionHandleInitModule
                                    • String ID: CryptDllFormatObject
                                    • API String ID: 188214945-3973519293
                                    • Opcode ID: 7b5acaa2d7037a8197ac6df6d7c99f7727ff487882fbac6dba81301ae2880216
                                    • Instruction ID: fd0afeb65d90fa280ff59fbec5c3f7e60b3a3b94de9d650758ce08ddb017ce60
                                    • Opcode Fuzzy Hash: 7b5acaa2d7037a8197ac6df6d7c99f7727ff487882fbac6dba81301ae2880216
                                    • Instruction Fuzzy Hash: 68F08279288716EBE7131B617D05FB27BDDEB14756F050036F709D50A0EA718480EA95
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F2390, Relevance: 6.1, APIs: 4, Instructions: 74encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptStringToBinaryW.CRYPT32(?,?,00000007,00000000,?,00000000,00000000), ref: 003F23BC
                                    • GetLastError.KERNEL32 ref: 003F23C2
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: BinaryCryptErrorLastString
                                    • String ID:
                                    • API String ID: 1279426848-0
                                    • Opcode ID: 6b69429bf5e92a50c81e149b9f2e265a6e565aba9b47905dee0e5cb9e7c2faf8
                                    • Instruction ID: 486cfb743cc9366bb985d9500cb8e5af80e6725057643c68129d925d657406c8
                                    • Opcode Fuzzy Hash: 6b69429bf5e92a50c81e149b9f2e265a6e565aba9b47905dee0e5cb9e7c2faf8
                                    • Instruction Fuzzy Hash: A0214AB254012DFBDB228F56DC44EBB3BADEF55790F614422FA05DA150C2B99E10EAA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F22DB, Relevance: 6.1, APIs: 4, Instructions: 74encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E003F22DB(void* __ecx, char* _a4, int _a8, BYTE** _a12, intOrPtr* _a16) {
				int _v8;
				signed int _t24;
				BYTE* _t29;

				 *_a12 = 0;
				 *_a16 = 0;
				_v8 = 0;
				if(CryptStringToBinaryA(_a4, _a8, 7, 0,  &_v8, 0, 0) != 0) {
					if(_v8 != 0) {
						_t29 = E003F9241(_v8, 0, 0);
						if(_t29 != 0) {
							if(CryptStringToBinaryA(_a4, _a8, 7, _t29,  &_v8, 0, 0) != 0) {
								 *_a12 = _t29;
								 *_a16 = _v8;
								_t24 = 0;
							} else {
								E003F8F35(_t21, _t29);
								_t24 = GetLastError();
								if(_t24 > 0) {
									_t24 = _t24 & 0x0000ffff | 0x80070000;
								}
							}
						} else {
							_t24 = 0x8007000e;
						}
					} else {
						_t24 = 0;
					}
				} else {
					_t24 = GetLastError();
					if(_t24 > 0) {
						_t24 = _t24 & 0x0000ffff | 0x80070000;
					}
				}
				return _t24;
			}






                                    0x003f22ef
                                    0x003f22f5
                                    0x003f2301
                                    0x003f230b
                                    0x003f2326
                                    0x003f2337
                                    0x003f233b
                                    0x003f2357
                                    0x003f237b
                                    0x003f2380
                                    0x003f2382
                                    0x003f2359
                                    0x003f235a
                                    0x003f235f
                                    0x003f2367
                                    0x003f236e
                                    0x003f236e
                                    0x003f2367
                                    0x003f233d
                                    0x003f233d
                                    0x003f233d
                                    0x003f2328
                                    0x003f2328
                                    0x003f2328
                                    0x003f230d
                                    0x003f230d
                                    0x003f2315
                                    0x003f231c
                                    0x003f231c
                                    0x003f2315
                                    0x003f2388

                                    APIs
                                    • CryptStringToBinaryA.CRYPT32(?,?,00000007,00000000,?,00000000,00000000), ref: 003F2307
                                    • GetLastError.KERNEL32 ref: 003F230D
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: BinaryCryptErrorLastString
                                    • String ID:
                                    • API String ID: 1279426848-0
                                    • Opcode ID: ecaf34937b3575c1204242286686fd31c2976bc168ea0268a8b56362a20bd9d8
                                    • Instruction ID: fb63ea80fb63efecf30ea6df8ccd4de3ebe5e4b2167edea7f1ee501ebb7225b9
                                    • Opcode Fuzzy Hash: ecaf34937b3575c1204242286686fd31c2976bc168ea0268a8b56362a20bd9d8
                                    • Instruction Fuzzy Hash: 9F2167B660011EFBCB228F55DD44EBF7BACEF49790F220422FA05DA150C238DE00DAA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F86C7, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 92%
                                    			E003F86C7(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr* _t26;
				void* _t29;

				_t29 = __ecx -  *0x3fa078; // 0x3e25e9e2
				if(_t29 != 0) {
					 *0x3faab8 = __eax;
					 *0x3faab4 = __ecx;
					 *0x3faab0 = __edx;
					 *0x3faaac = __ebx;
					 *0x3faaa8 = __esi;
					 *0x3faaa4 = __edi;
					 *0x3faad0 = ss;
					 *0x3faac4 = cs;
					 *0x3faaa0 = ds;
					 *0x3faa9c = es;
					 *0x3faa98 = fs;
					 *0x3faa94 = gs;
					asm("pushfd");
					_pop( *0x3faac8);
					 *0x3faabc =  *_t26;
					 *0x3faac0 = _v0;
					 *0x3faacc =  &_a4;
					 *0x3faa08 = 0x10001;
					_t11 =  *0x3faac0; // 0x0
					 *0x3fa9c4 = _t11;
					 *0x3fa9b8 = 0xc0000409;
					 *0x3fa9bc = 1;
					_t12 =  *0x3fa078; // 0x3e25e9e2
					_v812 = _t12;
					_t13 =  *0x3fa07c; // 0xc1da161d
					_v808 = _t13;
					SetUnhandledExceptionFilter(0);
					UnhandledExceptionFilter(0x3f1670);
					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
				} else {
					return __eax;
				}
			}












                                    0x003f86c7
                                    0x003f86cd
                                    0x003f8d42
                                    0x003f8d47
                                    0x003f8d4d
                                    0x003f8d53
                                    0x003f8d59
                                    0x003f8d5f
                                    0x003f8d65
                                    0x003f8d6c
                                    0x003f8d73
                                    0x003f8d7a
                                    0x003f8d81
                                    0x003f8d88
                                    0x003f8d8f
                                    0x003f8d90
                                    0x003f8d99
                                    0x003f8da1
                                    0x003f8da9
                                    0x003f8db4
                                    0x003f8dbe
                                    0x003f8dc3
                                    0x003f8dc8
                                    0x003f8dd2
                                    0x003f8ddc
                                    0x003f8de1
                                    0x003f8de7
                                    0x003f8dec
                                    0x003f8df4
                                    0x003f8dff
                                    0x003f8e18
                                    0x003f86cf
                                    0x003f86cf
                                    0x003f86cf

                                    APIs
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003F8DF4
                                    • UnhandledExceptionFilter.KERNEL32(003F1670), ref: 003F8DFF
                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 003F8E0A
                                    • TerminateProcess.KERNEL32(00000000), ref: 003F8E11
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                    • String ID:
                                    • API String ID: 3231755760-0
                                    • Opcode ID: 26bebe8ade0229c34308fc4dd091c1ecfdf0953b40ef2dd7de9a8150ece0d781
                                    • Instruction ID: 9e64e1d758642659073a7e8cadfd69b84edadddce423870004dba81af81bd8a8
                                    • Opcode Fuzzy Hash: 26bebe8ade0229c34308fc4dd091c1ecfdf0953b40ef2dd7de9a8150ece0d781
                                    • Instruction Fuzzy Hash: 0E21ABF9815A05DFDB03CF29FA44A657BECBB18349F00405AE50D83B60E774A588CF16
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F2B61, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(1.3.6.1.4.1.311.2.1.27,?,?,00000000,?,?), ref: 003F2B8B
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • printf.MSVCRT ref: 003F2BEA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeLoadObjectStringprintfvwprintf
                                    • String ID: 1.3.6.1.4.1.311.2.1.27
                                    • API String ID: 1959750101-3254324927
                                    • Opcode ID: 5a406082c9502b3d7c1d91ddee88d11a24796d3fdac8b51d4b554324ec05c9c2
                                    • Instruction ID: d56e39c1c41bb37909764e15779a30ada84a288ef1db8eb3b004f4cdeb20cd74
                                    • Opcode Fuzzy Hash: 5a406082c9502b3d7c1d91ddee88d11a24796d3fdac8b51d4b554324ec05c9c2
                                    • Instruction Fuzzy Hash: D0012836544209FAEB176F90FD06EBE77B9EB00715F204016FB11685E0EFB15A94EA81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F2BFA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(1.3.6.1.4.1.311.2.1.26,?,?,00000000,?,?), ref: 003F2C22
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • printf.MSVCRT ref: 003F2C62
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeLoadObjectStringprintfvwprintf
                                    • String ID: 1.3.6.1.4.1.311.2.1.26
                                    • API String ID: 1959750101-3070115369
                                    • Opcode ID: f0d75d874f1ba767e4cc115f0c276d5f941518673ffcabc08e19844044dd3a92
                                    • Instruction ID: 9c558c6c792ebf8877784e58c821b7250c4baa00740f0ada280b7cb519dcd8c0
                                    • Opcode Fuzzy Hash: f0d75d874f1ba767e4cc115f0c276d5f941518673ffcabc08e19844044dd3a92
                                    • Instruction Fuzzy Hash: A4F06D7A100209FEDB176B50FE06EBE3BA9EB00710F108016F715690E0DB719654DA55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F73E5, Relevance: 43.9, APIs: 29, Instructions: 436encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 555 3f73e5-3f7428 556 3f742e-3f7435 555->556 557 3f7915-3f7927 call 3f8f8e 555->557 556->557 559 3f743b-3f7451 CertOpenStore 556->559 563 3f7929-3f792c 557->563 561 3f745f-3f746a 559->561 562 3f7453-3f745a 559->562 565 3f746c-3f7473 561->565 566 3f74d6-3f74dd 561->566 564 3f7900-3f790f call 3f8f8e 562->564 581 3f7910-3f7913 564->581 569 3f751e-3f7525 565->569 570 3f7479-3f74a0 CertFindCertificateInStore 565->570 567 3f74e3-3f74ea 566->567 568 3f75e1-3f75e8 566->568 573 3f7630-3f7642 call 3f2100 567->573 574 3f74f0-3f750c call 3f1cd9 567->574 579 3f75ee-3f75f5 568->579 580 3f76c8-3f76d1 568->580 575 3f7548-3f755b call 3f1fb6 569->575 576 3f7527-3f753a call 3f1fb6 569->576 577 3f74ae-3f74bc CertAddCertificateContextToStore 570->577 578 3f74a2-3f74a9 570->578 607 3f7644-3f764b 573->607 608 3f7650-3f7655 573->608 609 3f75bb-3f75c9 CertAddCRLContextToStore 574->609 610 3f7512-3f7519 574->610 614 3f7569-3f756e 575->614 616 3f755d-3f7564 575->616 613 3f753c-3f7543 576->613 576->614 589 3f74be-3f74c5 577->589 590 3f74ca-3f74d3 CertFreeCertificateContext 577->590 588 3f7818-3f781b 578->588 591 3f75fb-3f7622 CertFindCTLInStore 579->591 592 3f7710-3f7722 call 3f21ed 579->592 583 3f76d7-3f76f3 CertSaveStore 580->583 584 3f7782-3f7789 580->584 581->563 594 3f76f9-3f770b call 3f8f8e 583->594 595 3f7815 583->595 597 3f77bb-3f77bd 584->597 598 3f778b-3f779a CertEnumCertificatesInStore 584->598 599 3f781d-3f7826 CertFreeCertificateContext 588->599 600 3f7842-3f7845 588->600 589->588 590->566 604 3f7624-3f762b 591->604 605 3f76a2-3f76b0 CertAddCRLContextToStore 591->605 632 3f7724-3f772b 592->632 633 3f7730-3f7735 592->633 624 3f786c-3f7877 594->624 595->588 615 3f77bf-3f77c6 597->615 611 3f779c-3f77ae call 3f8f8e 598->611 612 3f77b3-3f77b9 598->612 620 3f7829-3f782b 599->620 622 3f7847-3f784a CertFreeCertificateContext 600->622 623 3f7850-3f7853 600->623 606 3f7837-3f7839 604->606 617 3f76be-3f76c5 CertFreeCRLContext 605->617 618 3f76b2-3f76b9 605->618 606->600 634 3f783b-3f783c CertFreeCRLContext 606->634 607->624 608->607 625 3f7657-3f765a 608->625 635 3f75cb-3f75d2 609->635 636 3f75d7-3f75de CertFreeCRLContext 609->636 610->620 611->600 612->615 613->624 614->613 629 3f7570-3f7573 614->629 627 3f77c8-3f77dc CertGetCRLFromStore 615->627 628 3f77e4-3f77eb 615->628 616->624 617->580 618->606 620->600 631 3f782d-3f7834 CertFreeCRLContext 620->631 622->623 637 3f785e-3f7861 623->637 638 3f7855-3f7858 CertFreeCRLContext 623->638 640 3f789c-3f78a1 624->640 641 3f7879-3f787f 624->641 642 3f765c-3f7661 625->642 643 3f7680 625->643 627->611 645 3f77de-3f77e1 627->645 646 3f77ed-3f77fc CertEnumCTLsInStore 628->646 647 3f7804-3f7806 628->647 648 3f7599 629->648 649 3f7575-3f757a 629->649 631->606 632->624 633->632 650 3f7737-3f773a 633->650 634->600 635->620 636->568 637->624 639 3f7863-3f7866 CertFreeCRLContext 637->639 638->637 639->624 653 3f78c6-3f78cb 640->653 654 3f78a3-3f78a9 640->654 651 3f7898-3f789b free 641->651 652 3f7881-3f7896 CertFreeCertificateContext 641->652 655 3f7663-3f766e CertAddCRLContextToStore 642->655 643->568 656 3f7686-3f7696 call 3f6b9f 643->656 645->628 646->611 657 3f77fe-3f7801 646->657 658 3f780c call 3f9192 647->658 648->566 660 3f759f-3f75af call 3f66c9 648->660 659 3f757c-3f7587 CertAddCertificateContextToStore 649->659 661 3f773c-3f7741 650->661 662 3f7760 650->662 651->640 652->651 652->652 667 3f78cd-3f78d3 653->667 668 3f78f0-3f78fe CertCloseStore 653->668 664 3f78ab-3f78c0 CertFreeCRLContext 654->664 665 3f78c2-3f78c5 free 654->665 655->568 666 3f7674-3f767b 655->666 656->666 681 3f7698-3f76a0 656->681 657->647 670 3f7811-3f7813 658->670 659->566 671 3f758d-3f7594 659->671 660->671 682 3f75b1-3f75b9 660->682 673 3f7743-3f774e CertAddCRLContextToStore 661->673 662->580 663 3f7766-3f7776 call 3f6c6b 662->663 679 3f7754-3f775b 663->679 683 3f7778-3f7780 663->683 664->664 664->665 665->653 666->624 675 3f78ec-3f78ef free 667->675 676 3f78d5-3f78ea CertFreeCRLContext 667->676 668->564 668->581 670->595 670->611 671->624 673->580 673->679 675->668 676->675 676->676 679->624 681->655 682->659 683->673
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 003F7446
                                    • CertFindCertificateInStore.CRYPT32(?,00000000,00010000,?,00000000), ref: 003F7495
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 003F7820
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F782E
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F783C
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 003F784A
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F7858
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F7866
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 003F7887
                                    • free.MSVCRT(?,00000000), ref: 003F7899
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F78B1
                                    • free.MSVCRT(?,00000000), ref: 003F78C3
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F78DB
                                    • free.MSVCRT(?,00000000), ref: 003F78ED
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextFree$Certificate$free$Store$FindLoadOpenStringvwprintf
                                    • String ID:
                                    • API String ID: 22078982-0
                                    • Opcode ID: b19ff4b39091a5f3c26628f733c990813e7d766e76a40c451fdc562b242dbda5
                                    • Instruction ID: 4f5178cbef8f42ebeebbbf16aff454e81fb3d64de4b2f03149203330360d2f90
                                    • Opcode Fuzzy Hash: b19ff4b39091a5f3c26628f733c990813e7d766e76a40c451fdc562b242dbda5
                                    • Instruction Fuzzy Hash: B2F15970D0824DEFDB239F95ED89DBEBBB9FB44380F20411AE605A6220D7719E80DB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F7934, Relevance: 37.9, APIs: 25, Instructions: 411encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 003F79AA
                                    • CertFindCertificateInStore.CRYPT32(?,00000000,00010000,?,00000000), ref: 003F7A3F
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 003F7D8A
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F7D98
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F7DA6
                                      • Part of subcall function 003F1EB2: CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 003F1EFC
                                      • Part of subcall function 003F1EB2: CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 003F1F30
                                      • Part of subcall function 003F1EB2: CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 003F1F6D
                                      • Part of subcall function 003F1EB2: CertFreeCertificateContext.CRYPT32(?), ref: 003F1F85
                                      • Part of subcall function 003F1EB2: CertFreeCRLContext.CRYPT32(?), ref: 003F1F93
                                      • Part of subcall function 003F1EB2: CertFreeCRLContext.CRYPT32(00000004), ref: 003F1FA4
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 003F7DC7
                                    • free.MSVCRT(?), ref: 003F7DD9
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F7DF1
                                    • free.MSVCRT(?), ref: 003F7E03
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F7E1B
                                    • free.MSVCRT(?), ref: 003F7E2D
                                    • CertCloseStore.CRYPT32(?,00000000), ref: 003F7E3F
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextFree$Store$Certificate$free$Enum$CertificatesCloseFindFromOpen
                                    • String ID:
                                    • API String ID: 3594960610-0
                                    • Opcode ID: c58f936c99f14f5413baeae7b6df4143044e925070f2188c5e678793f430db95
                                    • Instruction ID: f9b6334870c09c8ab706a5ebaefcec8a7df18dc822168d8c1dbb65b0cb65b067
                                    • Opcode Fuzzy Hash: c58f936c99f14f5413baeae7b6df4143044e925070f2188c5e678793f430db95
                                    • Instruction Fuzzy Hash: F9F135B090820DEBDF239F94ED849FEBBB9FF44340F21416AEA05A6220D7755E81DB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F4254, Relevance: 31.7, APIs: 10, Strings: 8, Instructions: 201encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 43%
                                    			E003F4254(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr* _t58;
				intOrPtr* _t68;
				intOrPtr _t79;
				intOrPtr _t81;
				intOrPtr _t83;
				void* _t86;
				intOrPtr _t88;
				int _t92;
				intOrPtr _t94;
				char* _t95;
				unsigned int _t97;
				intOrPtr* _t98;
				intOrPtr* _t99;
				intOrPtr* _t101;
				intOrPtr _t103;
				void* _t112;
				intOrPtr* _t113;
				void* _t114;

				_t94 = 0;
				_t58 = E003F82C8(__ecx, 7, _a4, _a8, 0);
				_v24 = _t58;
				if(_t58 != 0) {
					_t101 =  *((intOrPtr*)(_t58 + 4));
					_a4 = 0;
					_v12 = _t101;
					if( *_t58 <= 0) {
						L30:
						_t112 = 1;
						E003F8F35(_t58, _t58);
						goto L31;
					} else {
						do {
							_t113 =  *((intOrPtr*)(_t101 + 4));
							_a8 = _t94;
							if( *_t101 <= _t94) {
								goto L28;
							}
							_v16 = _a12 & 0x00010000;
							do {
								_t95 =  *_t113;
								if(_t95 == 0) {
									_t95 = "<NULL>";
								}
								if(_v16 != 0) {
									L25:
									_push(E003F3272(0, _t95, 0));
									_push(_t95);
									_push(_a8);
									_push(_a4);
									printf("  [%d,%d] %s (%S) ");
									E003F8F8E( *0x3fa7f8, 0x1baa,  *((intOrPtr*)(_t113 + 4)));
									_t114 = _t114 + 0x20;
									E003F28A5(L"    ",  *((intOrPtr*)(_t113 + 0xc)),  *(_t113 + 8));
								} else {
									_t103 =  *((intOrPtr*)(_t113 + 4));
									if(_t103 == 1 || _t103 == 2) {
										goto L25;
									} else {
										if(_t103 != 0xb) {
											_push( *((intOrPtr*)(_t113 + 0xc)));
											_push(0);
											_push(_t95);
											if(_t103 != 0xc) {
												E003F3272(0);
												_push(_a8);
												_push(_a4);
												_push("  [%d,%d] %s (%S) %s\n");
											} else {
												E003F3272(0);
												_push(_a8);
												_push(_a4);
												_push("  [%d,%d] %s (%S) %S\n");
											}
											printf();
											_t114 = _t114 + 0x18;
											goto L26;
										}
										_push(E003F3272(0, _t95, 0));
										_push(_t95);
										_push(_a8);
										_push(_a4);
										printf("  [%d,%d] %s (%S)");
										_t114 = _t114 + 0x14;
										_t97 =  *(_t113 + 8) >> 2;
										_v8 =  *((intOrPtr*)(_t113 + 0xc));
										while(_t97 > 0) {
											_push( *_v8);
											printf(" 0x%08X");
											_t97 = _t97 - 1;
											_v8 = _v8 + 4;
										}
										printf("\n");
										_t98 = __imp__CertRDNValueToStrA;
										_t79 =  *_t98( *((intOrPtr*)(_t113 + 4)), _t113 + 8, 0, 0);
										_v20 = _t79;
										if(_t79 > 1) {
											_t88 = E003F9241(_t79, 0, 0);
											_v8 = _t88;
											if(_t88 != 0) {
												 *_t98(_t113 + 8, _t88, _v20);
												E003F8F8E( *0x3fa7f8, 0x1bab,  *((intOrPtr*)(_t113 + 4)));
												_push(_v8);
												_t92 = printf("%s\n");
												_t114 = _t114 + 0x10;
												E003F8F35(_t92, _v8);
											}
										}
										_t99 = __imp__CertRDNValueToStrW;
										_t81 =  *_t99( *((intOrPtr*)(_t113 + 4)), _t113 + 8, 0, 0);
										_v20 = _t81;
										if(_t81 > 1) {
											_t83 = E003F9241(_t81 + _t81, 0, 0);
											_v8 = _t83;
											if(_t83 != 0) {
												 *_t99( *((intOrPtr*)(_t113 + 4)), _t113 + 8, _t83, _v20);
												_t86 = E003F8F8E( *0x3fa7f8, 0x1bac, _v8);
												_t114 = _t114 + 0xc;
												E003F8F35(_t86, _v8);
											}
										}
										goto L26;
									}
								}
								L26:
								_a8 = _a8 + 1;
								_t68 = _v12;
								_t113 = _t113 + 0x10;
							} while (_a8 <  *_t68);
							_t101 = _t68;
							_t58 = _v24;
							_t94 = 0;
							L28:
							_a4 = _a4 + 1;
							_t101 = _t101 + 8;
							_v12 = _t101;
						} while (_a4 <  *_t58);
						goto L30;
					}
				} else {
					_t112 = 0;
					L31:
					return _t112;
				}
			}


























                                    0x003f425e
                                    0x003f4269
                                    0x003f426e
                                    0x003f4273
                                    0x003f427c
                                    0x003f427f
                                    0x003f4282
                                    0x003f4287
                                    0x003f448b
                                    0x003f448e
                                    0x003f448f
                                    0x00000000
                                    0x003f428d
                                    0x003f4294
                                    0x003f4294
                                    0x003f4297
                                    0x003f429c
                                    0x00000000
                                    0x00000000
                                    0x003f42aa
                                    0x003f42ad
                                    0x003f42ad
                                    0x003f42b3
                                    0x003f42b5
                                    0x003f42b5
                                    0x003f42bd
                                    0x003f441f
                                    0x003f4426
                                    0x003f4427
                                    0x003f4428
                                    0x003f442b
                                    0x003f4433
                                    0x003f4443
                                    0x003f4448
                                    0x003f4456
                                    0x003f42c3
                                    0x003f42c3
                                    0x003f42c9
                                    0x00000000
                                    0x003f42d8
                                    0x003f42db
                                    0x003f43e8
                                    0x003f43eb
                                    0x003f43ec
                                    0x003f43f0
                                    0x003f4406
                                    0x003f440d
                                    0x003f4410
                                    0x003f4413
                                    0x003f43f2
                                    0x003f43f2
                                    0x003f43f9
                                    0x003f43fc
                                    0x003f43ff
                                    0x003f43ff
                                    0x003f4418
                                    0x003f441a
                                    0x00000000
                                    0x003f441a
                                    0x003f42e8
                                    0x003f42e9
                                    0x003f42ea
                                    0x003f42ed
                                    0x003f42f5
                                    0x003f42fd
                                    0x003f4300
                                    0x003f4303
                                    0x003f431b
                                    0x003f430b
                                    0x003f4312
                                    0x003f4315
                                    0x003f4316
                                    0x003f431a
                                    0x003f4324
                                    0x003f4326
                                    0x003f4338
                                    0x003f433a
                                    0x003f4340
                                    0x003f4347
                                    0x003f434c
                                    0x003f4351
                                    0x003f435e
                                    0x003f436b
                                    0x003f4370
                                    0x003f4378
                                    0x003f437a
                                    0x003f4380
                                    0x003f4380
                                    0x003f4351
                                    0x003f4385
                                    0x003f4396
                                    0x003f4398
                                    0x003f439e
                                    0x003f43ab
                                    0x003f43b0
                                    0x003f43b5
                                    0x003f43c6
                                    0x003f43d6
                                    0x003f43db
                                    0x003f43e1
                                    0x003f43e1
                                    0x003f43b5
                                    0x00000000
                                    0x003f439e
                                    0x003f42c9
                                    0x003f445b
                                    0x003f445b
                                    0x003f445e
                                    0x003f4464
                                    0x003f4467
                                    0x003f446f
                                    0x003f4471
                                    0x003f4474
                                    0x003f4476
                                    0x003f4476
                                    0x003f447c
                                    0x003f447f
                                    0x003f4482
                                    0x00000000
                                    0x003f448a
                                    0x003f4275
                                    0x003f4275
                                    0x003f4494
                                    0x003f4499
                                    0x003f4499

                                    APIs
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 003F82FF
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 003F832B
                                    • printf.MSVCRT ref: 003F42F5
                                    • printf.MSVCRT ref: 003F4324
                                    • CertRDNValueToStrA.CRYPT32(?,?,00000000,00000000), ref: 003F4338
                                    • CertRDNValueToStrA.CRYPT32(?,?,00000000,?), ref: 003F435E
                                    • printf.MSVCRT ref: 003F4378
                                    • CertRDNValueToStrW.CRYPT32(?,?,00000000,00000000), ref: 003F4396
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertValueprintf$CryptDecodeObject
                                    • String ID: $ [%d,%d] %s (%S)$ [%d,%d] %s (%S) $ [%d,%d] %s (%S) %S$ [%d,%d] %s (%S) %s$ 0x%08X$%s$<NULL>
                                    • API String ID: 4228225058-790891399
                                    • Opcode ID: 80411c38a44d0671bdb5dd1181d95ecc5065d8a39814e94063ff927a44d41ba7
                                    • Instruction ID: eb1d48290cd92a3cbfb43b9d4cc256f5e1da25203be8c184a36536a2ce54f3f2
                                    • Opcode Fuzzy Hash: 80411c38a44d0671bdb5dd1181d95ecc5065d8a39814e94063ff927a44d41ba7
                                    • Instruction Fuzzy Hash: BD617D7590020CFFDB12AFA5CC81EBEBBB9EF48300F118429FB15AA161D7719A509B61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F6795, Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 184encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • printf.MSVCRT ref: 003F67FC
                                    • printf.MSVCRT ref: 003F685D
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,?,00000014), ref: 003F68D4
                                    • CertGetCRLContextProperty.CRYPT32(?,00000004,?,00000014), ref: 003F68F9
                                    • printf.MSVCRT ref: 003F694C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CertContextProperty$LoadStringvwprintf
                                    • String ID: $ [%d] %s$%s $<NULL>$MD5$SHA1
                                    • API String ID: 1489666178-2308969636
                                    • Opcode ID: 03fe753aac273c9135833b6670d7c4feb993a1fd0821fdf0e4fa55df988ea200
                                    • Instruction ID: ec80950ec1335c2a97c7f1c137dbc8c52d0955a7eccef641f36d2510d3d86ea5
                                    • Opcode Fuzzy Hash: 03fe753aac273c9135833b6670d7c4feb993a1fd0821fdf0e4fa55df988ea200
                                    • Instruction Fuzzy Hash: B351CB7250430DEFDB13ABA0ED02EBA77BAFB04310F040419F7156A0A1EB71A9A5DB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F1EB2, Relevance: 18.1, APIs: 12, Instructions: 93encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertDuplicateCertificateContext.CRYPT32(?), ref: 003F1EE3
                                    • CertDeleteCRLFromStore.CRYPT32(00000000), ref: 003F1EEA
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 003F1EFC
                                    • CertDuplicateCRLContext.CRYPT32(?), ref: 003F1F17
                                    • CertDeleteCRLFromStore.CRYPT32(00000000), ref: 003F1F22
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 003F1F30
                                    • CertDuplicateCRLContext.CRYPT32(00000004), ref: 003F1F4F
                                    • CertDeleteCRLFromStore.CRYPT32(00000000), ref: 003F1F5A
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 003F1F6D
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 003F1F85
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F1F93
                                    • CertFreeCRLContext.CRYPT32(00000004), ref: 003F1FA4
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextStore$From$DeleteDuplicateFree$CertificateEnum$Certificates
                                    • String ID:
                                    • API String ID: 3778652152-0
                                    • Opcode ID: 6a38a725665209bf05f9c973f75b7ca7d6246e4b4b281de831a7edae7409e0c2
                                    • Instruction ID: 9f2c518a3c00036ba276953cd8c72446d7813f7345722eb22d6f0ee64ace76b0
                                    • Opcode Fuzzy Hash: 6a38a725665209bf05f9c973f75b7ca7d6246e4b4b281de831a7edae7409e0c2
                                    • Instruction Fuzzy Hash: CE313A71D0424EEBCF139FA5EC489BEBBBDBF44351F258556E601A2020DB758A80DF60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F28A5, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 85COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E003F28A5(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t15;
				int _t18;
				signed char _t20;
				intOrPtr _t30;
				void* _t42;
				void* _t43;
				void* _t44;
				intOrPtr _t46;

				if(_a12 == 0) {
					return E003F8F8E( *0x3fa7f8, 0x1b8e, _a4);
				}
				if(__eflags > 0) {
					do {
						_push(_a4);
						wprintf(L"%s");
						_t30 = 0x10;
						__eflags = _a12 - _t30;
						if(_a12 <= _t30) {
							_t30 = _a12;
						}
						_a12 = _a12 - _t30;
						_t42 = 0;
						__eflags = _t30;
						if(_t30 <= 0) {
							L8:
							_t43 = 0x10;
							__eflags = _t30 - _t43;
							if(_t30 >= _t43) {
								L11:
								wprintf(L"    \'");
								_t44 = 0;
								__eflags = _t30;
								if(_t30 <= 0) {
									goto L17;
								} else {
									goto L12;
								}
								do {
									L12:
									_t20 =  *((intOrPtr*)(_t44 + _a8));
									__eflags = _t20 - 0x20;
									if(_t20 < 0x20) {
										L15:
										wprintf(".");
										goto L16;
									}
									__eflags = _t20 - 0x7f;
									if(_t20 > 0x7f) {
										goto L15;
									}
									_push(_t20 & 0x000000ff);
									wprintf(L"%c");
									L16:
									_t44 = _t44 + 1;
									__eflags = _t44 - _t30;
								} while (_t44 < _t30);
								goto L17;
							}
							_t46 = _t43 - _t30;
							__eflags = _t46;
							do {
								wprintf(L"   ");
								_t46 = _t46 - 1;
								__eflags = _t46;
							} while (_t46 != 0);
							goto L11;
						} else {
							do {
								_push( *(_t42 + _a8) & 0x000000ff);
								wprintf(L" %02X");
								_t42 = _t42 + 1;
								__eflags = _t42 - _t30;
							} while (_t42 < _t30);
							goto L8;
						}
						L17:
						_a8 = _a8 + _t30;
						_t18 = wprintf(L"\'\n");
						__eflags = _a12;
					} while (_a12 > 0);
					return _t18;
				}
				return _t15;
			}











                                    0x003f28ae
                                    0x00000000
                                    0x003f28c3
                                    0x003f28cb
                                    0x003f28da
                                    0x003f28da
                                    0x003f28e2
                                    0x003f28e8
                                    0x003f28e9
                                    0x003f28ec
                                    0x003f28ee
                                    0x003f28ee
                                    0x003f28f1
                                    0x003f28f4
                                    0x003f28f6
                                    0x003f28f8
                                    0x003f2910
                                    0x003f2912
                                    0x003f2913
                                    0x003f2915
                                    0x003f2924
                                    0x003f2929
                                    0x003f292b
                                    0x003f292e
                                    0x003f2930
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f2932
                                    0x003f2932
                                    0x003f2935
                                    0x003f2938
                                    0x003f293a
                                    0x003f294e
                                    0x003f2953
                                    0x00000000
                                    0x003f2953
                                    0x003f293c
                                    0x003f293e
                                    0x00000000
                                    0x00000000
                                    0x003f2943
                                    0x003f2949
                                    0x003f2955
                                    0x003f2955
                                    0x003f2957
                                    0x003f2957
                                    0x00000000
                                    0x003f2932
                                    0x003f2917
                                    0x003f2917
                                    0x003f2919
                                    0x003f291e
                                    0x003f2920
                                    0x003f2920
                                    0x003f2921
                                    0x00000000
                                    0x003f28fa
                                    0x003f28fa
                                    0x003f2901
                                    0x003f2907
                                    0x003f2909
                                    0x003f290c
                                    0x003f290c
                                    0x00000000
                                    0x003f28fa
                                    0x003f295b
                                    0x003f295b
                                    0x003f2963
                                    0x003f2965
                                    0x003f2969
                                    0x00000000
                                    0x003f2972
                                    0x003f2974

                                    APIs
                                    • wprintf.MSVCRT ref: 003F28E2
                                    • wprintf.MSVCRT ref: 003F2907
                                    • wprintf.MSVCRT ref: 003F291E
                                    • wprintf.MSVCRT ref: 003F2929
                                    • wprintf.MSVCRT ref: 003F2949
                                    • wprintf.MSVCRT ref: 003F2963
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: wprintf$LoadStringvwprintf
                                    • String ID: $ '$ %02X
                                    • API String ID: 2851814717-3839679036
                                    • Opcode ID: 245c9249f09b89ed3fa437c71be5afc00287c7f03016fb676197697a5bda47e9
                                    • Instruction ID: 40e8aa816d016fb3de4e6f59fef33681070b4fce311fccddd6efbb84aa6c9358
                                    • Opcode Fuzzy Hash: 245c9249f09b89ed3fa437c71be5afc00287c7f03016fb676197697a5bda47e9
                                    • Instruction Fuzzy Hash: A721F03BB4031EEED7135EA5AC81EBF7759EB90761F11402BFB504A480CBF149A19AA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F69E9, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 138encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 20%
                                    			E003F69E9(void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
				signed int _v8;
				char _v28;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				char _t83;
				void* _t86;
				void* _t95;
				void* _t96;
				char* _t97;
				intOrPtr _t98;
				signed int _t99;

				_t95 = __edx;
				_t42 =  *0x3fa078; // 0x3e25e9e2
				_v8 = _t42 ^ _t99;
				_t98 = _a4;
				_t83 = 0x14;
				_push(0x1b5d);
				_push( *0x3fa7f8);
				_v32 = _t83;
				E003F8F8E();
				_pop(_t86);
				E003F4254(_t86, _t96,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x14)),  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x10)), _a8);
				E003F8F8E( *0x3fa7f8, 0x1b7d, E003F3E22(_t95, _t96,  *((intOrPtr*)(_t98 + 0xc)) + 0x18));
				E003F8F8E( *0x3fa7f8, 0x1b7e, E003F3E22(_t95, _t96,  *((intOrPtr*)(_t98 + 0xc)) + 0x20));
				_t97 = __imp__CertGetCRLContextProperty;
				 *_t97(_t98, 3,  &_v28,  &_v32);
				E003F297C("SHA1",  &_v28, _v32);
				_v32 = _t83;
				 *_t97(_t98, 4,  &_v28,  &_v32);
				E003F297C("MD5",  &_v28, _v32);
				if((_a8 & 0x00010000) != 0) {
					E003F8F8E( *0x3fa7f8, 0x1b68,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)))));
					_t97 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 4));
					if(_t97 == 0) {
						_t97 = "<NULL>";
					}
					_push(0x1b69);
					_push( *0x3fa7f8);
					E003F8F8E();
					_push(_t97);
					printf("%s \n");
					if( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 8)) != 0) {
						_push(0x1b6a);
						_push( *0x3fa7f8);
						E003F8F8E();
						E003F28A5(L"    ",  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0xc)),  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 8)));
					}
					_t78 =  *((intOrPtr*)(_t98 + 0xc));
					if( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x30)) != 0) {
						E003F57BD( *((intOrPtr*)(_t78 + 0x30)),  *((intOrPtr*)(_t78 + 0x34)), _a8);
					}
				}
				if( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x28)) != 0) {
					_push(0x1b83);
					_push( *0x3fa7f8);
					E003F8F8E();
					E003F6391(_t95,  *((intOrPtr*)(_t98 + 0x28)),  *((intOrPtr*)(_t98 + 0x2c)), _a8);
				} else {
					_push(0x1b82);
					_push( *0x3fa7f8);
					E003F8F8E();
				}
				return E003F86C7(1, 0, _v8 ^ _t99, _t95, _t97, _t98);
			}

















                                    0x003f69e9
                                    0x003f69f1
                                    0x003f69f8
                                    0x003f69fd
                                    0x003f6a03
                                    0x003f6a04
                                    0x003f6a09
                                    0x003f6a0f
                                    0x003f6a12
                                    0x003f6a1b
                                    0x003f6a25
                                    0x003f6a42
                                    0x003f6a62
                                    0x003f6a67
                                    0x003f6a7b
                                    0x003f6a89
                                    0x003f6a99
                                    0x003f6a9c
                                    0x003f6aaa
                                    0x003f6ab8
                                    0x003f6ace
                                    0x003f6ad6
                                    0x003f6ade
                                    0x003f6ae0
                                    0x003f6ae0
                                    0x003f6ae5
                                    0x003f6aea
                                    0x003f6af0
                                    0x003f6af5
                                    0x003f6afb
                                    0x003f6b0a
                                    0x003f6b0c
                                    0x003f6b11
                                    0x003f6b17
                                    0x003f6b2c
                                    0x003f6b2c
                                    0x003f6b31
                                    0x003f6b37
                                    0x003f6b42
                                    0x003f6b42
                                    0x003f6b37
                                    0x003f6b4d
                                    0x003f6b63
                                    0x003f6b68
                                    0x003f6b6e
                                    0x003f6b81
                                    0x003f6b4f
                                    0x003f6b4f
                                    0x003f6b54
                                    0x003f6b5a
                                    0x003f6b60
                                    0x003f6b97

                                    APIs
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                      • Part of subcall function 003F3E22: LoadStringW.USER32(00001C0C,003FA870,00000064), ref: 003F3E62
                                      • Part of subcall function 003F3E22: LoadStringW.USER32(00001B9D,?,00000032), ref: 003F3E8A
                                      • Part of subcall function 003F3E22: LoadStringW.USER32(00001B9E,?,00000032), ref: 003F3EA5
                                      • Part of subcall function 003F3E22: FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003F3EB7
                                      • Part of subcall function 003F3E22: FileTimeToSystemTime.KERNEL32(?,?), ref: 003F3ECB
                                      • Part of subcall function 003F3E22: _wasctime.MSVCRT ref: 003F3F4D
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,?,?), ref: 003F6A7B
                                      • Part of subcall function 003F297C: printf.MSVCRT ref: 003F29B0
                                      • Part of subcall function 003F297C: printf.MSVCRT ref: 003F29F0
                                    • CertGetCRLContextProperty.CRYPT32(?,00000004,?,?), ref: 003F6A9C
                                      • Part of subcall function 003F297C: printf.MSVCRT ref: 003F29E3
                                    • printf.MSVCRT ref: 003F6AFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadStringTimeprintf$File$CertContextProperty$LocalSystem_wasctimevwprintf
                                    • String ID: $%s $<NULL>$MD5$SHA1
                                    • API String ID: 1904437375-3298317204
                                    • Opcode ID: 83d8fd873e00f0a26ed31317019d1ba6a5669dec34067ee05b0046c3b929be93
                                    • Instruction ID: ce1a0523c286608a0324a6e989c3a144c3278c3066bea1f7c69d4b7dcf298bec
                                    • Opcode Fuzzy Hash: 83d8fd873e00f0a26ed31317019d1ba6a5669dec34067ee05b0046c3b929be93
                                    • Instruction Fuzzy Hash: 39419072900609EFDB13AF94EC42CBAB7BAFF04320B058425F7159B161DB71E955DB81
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F6D37, Relevance: 13.7, APIs: 9, Instructions: 154encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCertificatesInStore.CRYPT32(?,?), ref: 003F6DAD
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 003F6D65
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                      • Part of subcall function 003F5CD6: printf.MSVCRT ref: 003F5D61
                                      • Part of subcall function 003F5CD6: CertGetCertificateContextProperty.CRYPT32(?,00000003,?,?), ref: 003F5D79
                                      • Part of subcall function 003F5CD6: CertGetCertificateContextProperty.CRYPT32(?,00000004,?,?), ref: 003F5D9A
                                      • Part of subcall function 003F5CD6: CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,00000000), ref: 003F5DB8
                                      • Part of subcall function 003F5CD6: CryptHashPublicKeyInfo.CRYPT32(00000000,00008003,00000000,?,?,?), ref: 003F5DE6
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 003F6DE1
                                    • CertEnumCTLsInStore.CRYPT32(?,?), ref: 003F6E29
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 003F6E62
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,?,?), ref: 003F6EAF
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 003F6ED6
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F6EE4
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F6EF5
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextStore$Enum$CertificateFree$CertificatesCryptFromProperty$AcquireHashInfoLoadPublicStringprintfvwprintf
                                    • String ID:
                                    • API String ID: 2852249584-0
                                    • Opcode ID: cbf46e756bb26149d45e0ebcdb1a04b359fae8f9dafe15bb27d07947cec34329
                                    • Instruction ID: 59fd876e578a85fd3bdd3189c9726e5efbdb65a1775a6b7e7d10e384539785fa
                                    • Opcode Fuzzy Hash: cbf46e756bb26149d45e0ebcdb1a04b359fae8f9dafe15bb27d07947cec34329
                                    • Instruction Fuzzy Hash: 79519E7290420DFEDB136BA0ED428BEBFBAFB50744F25406AF215A5070DB720E95EB40
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F1FB6, Relevance: 13.6, APIs: 9, Instructions: 115encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • realloc.MSVCRT ref: 003F2007
                                    • CertDuplicateCertificateContext.CRYPT32(?), ref: 003F201C
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 003F203A
                                    • realloc.MSVCRT ref: 003F2055
                                    • CertDuplicateCertificateContext.CRYPT32(?), ref: 003F2066
                                    • CertFindCertificateInStore.CRYPT32(?,00000000,00080007,?,00000000), ref: 003F208F
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 003F20B4
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 003F20D5
                                    • free.MSVCRT(?), ref: 003F20E3
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Certificate$Context$DuplicateFreeStorerealloc$CertificatesEnumFindfree
                                    • String ID:
                                    • API String ID: 3052196173-0
                                    • Opcode ID: 343f0d2693babffebb183581a6191e8b3ad37e14dcd3f7cfc5fd3ed604c80444
                                    • Instruction ID: a790dc8cd26a4b805c8f69803fe4e5d950ace7ddff6686da53b6b328f7a6046d
                                    • Opcode Fuzzy Hash: 343f0d2693babffebb183581a6191e8b3ad37e14dcd3f7cfc5fd3ed604c80444
                                    • Instruction Fuzzy Hash: 2E412AB650024BEFCB229F54E8848BEBBB5FB44345B25487DFA9197221CB329D90DF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F560E, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 140COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 21%
                                    			E003F560E(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8, signed int _a12) {
				char* _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* __edi;
				intOrPtr _t42;
				char* _t43;
				void* _t57;
				intOrPtr* _t65;
				intOrPtr _t67;
				void* _t72;
				void* _t74;
				void* _t77;
				char _t78;
				intOrPtr* _t83;
				void* _t90;
				void* _t93;

				_t77 = __edx;
				_t78 = 0;
				_v16 = 0;
				_v12 = 0;
				if(_a4 <= 0) {
					L26:
					return _t42;
				} else {
					goto L3;
					L6:
					_v20 = _t78;
					if(_t93 <= 0) {
						L23:
						_v12 = _v12 + 1;
						_t42 = _v12;
						_a8 = _t83 + 0xc;
						if(_t42 < _a4) {
							_t78 = 0;
							L3:
							_t83 = _a8;
							_t43 =  *_t83;
							_t67 =  *((intOrPtr*)(_t83 + 4));
							_t65 =  *((intOrPtr*)(_t83 + 8));
							_v24 = _t67;
							_v8 = _t43;
							if(_t43 == _t78) {
								_v8 = "<NULL>";
							}
							_t93 = _t67 - _t78;
							if(_t93 == 0) {
								goto L20;
							} else {
								goto L6;
							}
						}
						if(_v16 == 0) {
							goto L26;
						}
						return E003F8F35(_t42, _v16);
					} else {
						goto L7;
					}
					do {
						L7:
						_push(_v8);
						_push(_v20);
						_push(_v12);
						printf("  [%d,%d] %s\n");
						_t49 =  *_t65;
						_t90 = _t90 + 0x10;
						if( *_t65 == 0) {
							_push(0x1b90);
							_push( *0x3fa7f8);
							E003F8F8E();
						} else {
							if((_a12 & 0x00010000) != 0) {
								E003F28A5(L"    ",  *((intOrPtr*)(_t65 + 4)), _t49);
							}
							_push(0x15);
							asm("repe cmpsb");
							if(0 == 0) {
								_push(0x1b8f);
								_push( *0x3fa7f8);
								E003F8F8E();
								E003F55AE( *((intOrPtr*)(_t65 + 4)),  *_t65, _a12);
							}
							_push(0x15);
							asm("repe cmpsb");
							if(0 == 0) {
								_push(0x1c13);
								_push( *0x3fa7f8);
								E003F8F8E();
								_pop(_t74);
								E003F4F00(_t74, "1.2.840.113549.1.9.6",  *((intOrPtr*)(_t65 + 4)),  *_t65, _a12);
							}
							_t72 = 0x15;
							asm("repe cmpsb");
							if(0 == 0) {
								_t89 = E003F82C8(_t72, 0x11,  *((intOrPtr*)(_t65 + 4)),  *_t65, 0);
								if(_t55 != 0) {
									_t57 = E003F8F8E( *0x3fa7f8, 0x1c14, E003F3E22(_t77, "1.2.840.113549.1.9.5", _t89));
									_t90 = _t90 + 0xc;
									E003F8F35(_t57, _t89);
								}
							}
						}
						_v20 = _v20 + 1;
						_t65 = _t65 + 8;
					} while (_v20 < _v24);
					_t83 = _a8;
					goto L23;
					L20:
					if(E003F8241(_v8,  &_v16) != 0) {
						_v16 = _t78;
					} else {
						_push(_v16);
						E003F8F8E( *0x3fa7f8, 0x1b91, _v12);
						_t90 = _t90 + 0x10;
					}
					goto L23;
				}
			}





















                                    0x003f560e
                                    0x003f5617
                                    0x003f5619
                                    0x003f561c
                                    0x003f5622
                                    0x003f57b5
                                    0x003f57b5
                                    0x003f5628
                                    0x003f562a
                                    0x003f5652
                                    0x003f5652
                                    0x003f5655
                                    0x003f578e
                                    0x003f578e
                                    0x003f5791
                                    0x003f5797
                                    0x003f579d
                                    0x003f562c
                                    0x003f562e
                                    0x003f562e
                                    0x003f5631
                                    0x003f5633
                                    0x003f5636
                                    0x003f5639
                                    0x003f563c
                                    0x003f5641
                                    0x003f5643
                                    0x003f5643
                                    0x003f564a
                                    0x003f564c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f564c
                                    0x003f57a9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f565b
                                    0x003f565b
                                    0x003f565e
                                    0x003f565f
                                    0x003f5662
                                    0x003f566a
                                    0x003f5670
                                    0x003f5672
                                    0x003f5677
                                    0x003f5737
                                    0x003f573c
                                    0x003f5742
                                    0x003f567d
                                    0x003f5684
                                    0x003f568f
                                    0x003f568f
                                    0x003f5694
                                    0x003f569e
                                    0x003f56a0
                                    0x003f56a2
                                    0x003f56a7
                                    0x003f56ad
                                    0x003f56bc
                                    0x003f56bc
                                    0x003f56c4
                                    0x003f56ce
                                    0x003f56d0
                                    0x003f56d2
                                    0x003f56d7
                                    0x003f56dd
                                    0x003f56e3
                                    0x003f56ec
                                    0x003f56ec
                                    0x003f56fb
                                    0x003f56fe
                                    0x003f5700
                                    0x003f570f
                                    0x003f5713
                                    0x003f5727
                                    0x003f572c
                                    0x003f5730
                                    0x003f5730
                                    0x003f5713
                                    0x003f5700
                                    0x003f5749
                                    0x003f574f
                                    0x003f5752
                                    0x003f575b
                                    0x00000000
                                    0x003f5760
                                    0x003f576e
                                    0x003f578b
                                    0x003f5770
                                    0x003f5770
                                    0x003f5781
                                    0x003f5786
                                    0x003f5786
                                    0x00000000
                                    0x003f576e

                                    APIs
                                    • printf.MSVCRT ref: 003F566A
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadStringprintfvwprintf
                                    • String ID: $ [%d,%d] %s$1.2.840.113549.1.9.5$1.2.840.113549.1.9.6$1.3.6.1.4.1.311.10.2$<NULL>
                                    • API String ID: 3914510563-3034289211
                                    • Opcode ID: cebc7f86994f2f8ad20536f60271cc8929cd93a601576fa6814fad6d59d69291
                                    • Instruction ID: 816efdfccc4780ff57853616739a07b273062301171761d1521819d785cd6959
                                    • Opcode Fuzzy Hash: cebc7f86994f2f8ad20536f60271cc8929cd93a601576fa6814fad6d59d69291
                                    • Instruction Fuzzy Hash: 7B419C36900A0CFFDF13AF80DD418BEBBBAEB44310F254455FB25AE151DB319A90AB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F2C72, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 92COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 24%
                                    			E003F2C72(intOrPtr _a4, signed int _a8, signed int _a12) {
				intOrPtr _v8;
				intOrPtr* _v12;
				void* __ecx;
				intOrPtr* _t29;
				intOrPtr _t39;
				void* _t42;
				void* _t52;
				intOrPtr* _t53;
				intOrPtr* _t56;
				intOrPtr _t58;
				intOrPtr* _t59;
				void* _t60;

				_push(_t42);
				_push(_t42);
				_t29 = E003F82C8(_t42, 0x10, _a8, _a12, 0);
				_t56 = _t29;
				_v12 = _t56;
				if(_t56 != 0) {
					_t39 =  *_t56;
					_t53 =  *((intOrPtr*)(_t56 + 4));
					_v8 = _t39;
					_t30 = E003F8F8E( *0x3fa7f8, _a4, _t52);
					if(_t39 == 0) {
						_push(0x1bc1);
						_push( *0x3fa7f8);
						_t30 = E003F8F8E();
					}
					_a8 = _a8 & 0x00000000;
					if(_t39 > 0) {
						do {
							_push( *_t53);
							_t58 =  *((intOrPtr*)(_t53 + 4));
							_push(_a8);
							_a4 = _t58;
							printf("    [%d] %s");
							_t60 = _t60 + 0xc;
							if(_t58 != 0) {
								_push(0x1bda);
								_push( *0x3fa7f8);
								E003F8F8E();
							}
							_a12 = _a12 & 0x00000000;
							_t59 =  *((intOrPtr*)(_t53 + 8));
							if(_a4 > 0) {
								do {
									_push( *_t59);
									_push(_a12);
									printf("      [%d] %s");
									_t60 = _t60 + 0xc;
									if( *((intOrPtr*)(_t59 + 4)) == 0) {
										printf("\n");
									} else {
										_push(0x1bdb);
										_push( *0x3fa7f8);
										E003F8F8E();
										E003F28A5(L"    ",  *((intOrPtr*)(_t59 + 8)),  *((intOrPtr*)(_t59 + 4)));
									}
									_a12 = _a12 + 1;
									_t59 = _t59 + 0xc;
								} while (_a12 < _a4);
							}
							_a8 = _a8 + 1;
							_t30 = _a8;
							_t53 = _t53 + 0xc;
						} while (_a8 < _v8);
						_t56 = _v12;
					}
					_t29 = E003F8F35(_t30, _t56);
				}
				return _t29;
			}















                                    0x003f2c77
                                    0x003f2c78
                                    0x003f2c84
                                    0x003f2c89
                                    0x003f2c8b
                                    0x003f2c90
                                    0x003f2c97
                                    0x003f2c9d
                                    0x003f2ca6
                                    0x003f2ca9
                                    0x003f2cb2
                                    0x003f2cb4
                                    0x003f2cb9
                                    0x003f2cbf
                                    0x003f2cc5
                                    0x003f2cc6
                                    0x003f2ccc
                                    0x003f2cd8
                                    0x003f2cd8
                                    0x003f2cda
                                    0x003f2cdd
                                    0x003f2ce0
                                    0x003f2ce8
                                    0x003f2cea
                                    0x003f2cef
                                    0x003f2cf1
                                    0x003f2cf6
                                    0x003f2cfc
                                    0x003f2d02
                                    0x003f2d03
                                    0x003f2d0b
                                    0x003f2d0e
                                    0x003f2d10
                                    0x003f2d10
                                    0x003f2d12
                                    0x003f2d1a
                                    0x003f2d1c
                                    0x003f2d23
                                    0x003f2d4e
                                    0x003f2d25
                                    0x003f2d25
                                    0x003f2d2a
                                    0x003f2d30
                                    0x003f2d42
                                    0x003f2d42
                                    0x003f2d51
                                    0x003f2d57
                                    0x003f2d5a
                                    0x003f2d10
                                    0x003f2d5f
                                    0x003f2d62
                                    0x003f2d65
                                    0x003f2d68
                                    0x003f2d71
                                    0x003f2d71
                                    0x003f2d75
                                    0x003f2d7b
                                    0x003f2d7e

                                    APIs
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 003F82FF
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 003F832B
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • printf.MSVCRT ref: 003F2CE8
                                    • printf.MSVCRT ref: 003F2D1A
                                    • printf.MSVCRT ref: 003F2D4E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CryptDecodeObject$LoadStringvwprintf
                                    • String ID: $ [%d] %s$ [%d] %s
                                    • API String ID: 1559741091-2298187835
                                    • Opcode ID: df775bd38d82819df6d240472baba3071f21754551506f73b32d46c346923639
                                    • Instruction ID: c448439b56efb14d6cd6637c437d45e1a9b0dfb6c64308231da14806fa397dd9
                                    • Opcode Fuzzy Hash: df775bd38d82819df6d240472baba3071f21754551506f73b32d46c346923639
                                    • Instruction Fuzzy Hash: 5E319E36500608FFDB16AF40ED42AAE7BB5FB04720F15440AFE241A151CB71A990DB91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F21ED, Relevance: 10.6, APIs: 7, Instructions: 88encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 003F2223
                                    • realloc.MSVCRT ref: 003F223E
                                    • CertDuplicateCRLContext.CRYPT32(?), ref: 003F224F
                                    • CertEnumCTLsInStore.CRYPT32(?,?), ref: 003F226A
                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 003F228C
                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 003F22AE
                                    • free.MSVCRT(?), ref: 003F22BC
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Context$EnumFreeStore$Duplicatefreerealloc
                                    • String ID:
                                    • API String ID: 2405492650-0
                                    • Opcode ID: 3b5b831a241efd48e148e649d2747d3854b8eae38c6f53bc43b82b9ac1c402f9
                                    • Instruction ID: 861b3c2e463a6c4a18fb453de2087065034f7b4cf36538052653be1a24d559d2
                                    • Opcode Fuzzy Hash: 3b5b831a241efd48e148e649d2747d3854b8eae38c6f53bc43b82b9ac1c402f9
                                    • Instruction Fuzzy Hash: 1C317A71400209FFDB628F59D844AAEBBF5FF84361F21886AE95497260D7329E80EF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F3155, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 72COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 71%
                                    			E003F3155(void* __ebx, void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _t8;
				intOrPtr _t10;
				int _t11;
				char* _t22;
				void* _t32;
				intOrPtr* _t36;

				_t8 = E003F82C8(__ecx, 0x1a, _a8, _a12, 0);
				_t36 = _t8;
				if(_t36 != 0) {
					E003F8F8E( *0x3fa7f8, _a4, _t32);
					_t10 =  *_t36;
					if(_t10 != 1) {
						if(_t10 == 0) {
							_push(0x1bc1);
							_push( *0x3fa7f8);
							_t11 = E003F8F8E();
							L8:
							L9:
							return E003F8F35(_t11, _t36);
						}
						_t22 = "\n";
						printf(_t22);
						E003F28A5(L"    ",  *(_t36 + 4),  *_t36);
						E003F8F8E( *0x3fa7f8, 0x1b73,  *((intOrPtr*)(_t36 + 8)));
						_t11 = printf(_t22);
						goto L9;
					}
					_push( *( *(_t36 + 4)) & 0x000000ff);
					printf(" %02X");
					_t19 =  *((intOrPtr*)(_t36 + 8));
					if( *((intOrPtr*)(_t36 + 8)) != 0) {
						E003F8F8E( *0x3fa7f8, 0x1b73, _t19);
					}
					_t11 = printf("\n");
					goto L8;
				}
				return _t8;
			}









                                    0x003f3165
                                    0x003f316a
                                    0x003f316e
                                    0x003f317e
                                    0x003f3183
                                    0x003f318a
                                    0x003f31c8
                                    0x003f3205
                                    0x003f320a
                                    0x003f3210
                                    0x003f3216
                                    0x003f3217
                                    0x00000000
                                    0x003f321d
                                    0x003f31d1
                                    0x003f31d7
                                    0x003f31e4
                                    0x003f31f7
                                    0x003f31fd
                                    0x00000000
                                    0x003f3202
                                    0x003f3198
                                    0x003f319e
                                    0x003f31a0
                                    0x003f31a7
                                    0x003f31b5
                                    0x003f31ba
                                    0x003f31c2
                                    0x00000000
                                    0x003f31c2
                                    0x003f3220

                                    APIs
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 003F82FF
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 003F832B
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • printf.MSVCRT ref: 003F319E
                                    • printf.MSVCRT ref: 003F31C2
                                    • printf.MSVCRT ref: 003F31D7
                                    • printf.MSVCRT ref: 003F31FD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CryptDecodeObject$LoadStringvwprintf
                                    • String ID: $ %02X
                                    • API String ID: 1559741091-2119626176
                                    • Opcode ID: eb562024911b33c1917fd7eeebf7dad48c32e24cd0f2d3fa6953cf9d56358c54
                                    • Instruction ID: af86ad79371aee2794cfe3d99b3a0926f93544a0c9110a1a983b2dfddc185771
                                    • Opcode Fuzzy Hash: eb562024911b33c1917fd7eeebf7dad48c32e24cd0f2d3fa6953cf9d56358c54
                                    • Instruction Fuzzy Hash: CE11223620470CFED7133B91FC02CBA7BAAEB84320B160815F7145A1A1DF32E960AA50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F297C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E003F297C(intOrPtr _a4, signed char* _a8, signed char* _a12) {
				signed char* _t13;
				signed char* _t21;

				E003F8F8E( *0x3fa7f8, 0x1b9c, _a4);
				_t13 = _a12;
				if(_t13 != 0) {
					if(__eflags > 0) {
						do {
							_t21 = 4;
							__eflags = _t13 - _t21;
							if(_t13 <= _t21) {
								_t21 = _t13;
							}
							_t13 = _t13 - _t21;
							while(1) {
								__eflags = _t21;
								if(_t21 <= 0) {
									goto L9;
								}
								_push( *_a8 & 0x000000ff);
								printf("%02X");
								_t21 = _t21 - 1;
								_t4 =  &_a8;
								 *_t4 =  &(_a8[1]);
								__eflags =  *_t4;
							}
							L9:
							printf(" ");
							__eflags = _t13;
						} while (_t13 > 0);
					}
				} else {
					_push("<NULL>");
					printf("%s");
				}
				return printf("\n");
			}





                                    0x003f2991
                                    0x003f2996
                                    0x003f29a4
                                    0x003f29b6
                                    0x003f29b9
                                    0x003f29bb
                                    0x003f29bc
                                    0x003f29be
                                    0x003f29c0
                                    0x003f29c0
                                    0x003f29c2
                                    0x003f29da
                                    0x003f29da
                                    0x003f29dc
                                    0x00000000
                                    0x00000000
                                    0x003f29cc
                                    0x003f29d2
                                    0x003f29d5
                                    0x003f29d6
                                    0x003f29d6
                                    0x003f29d6
                                    0x003f29d9
                                    0x003f29de
                                    0x003f29e3
                                    0x003f29e6
                                    0x003f29e6
                                    0x003f29ea
                                    0x003f29a6
                                    0x003f29a6
                                    0x003f29b0
                                    0x003f29b3
                                    0x003f29f6

                                    APIs
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • printf.MSVCRT ref: 003F29B0
                                    • printf.MSVCRT ref: 003F29E3
                                    • printf.MSVCRT ref: 003F29F0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$LoadStringvwprintf
                                    • String ID: %02X$<NULL>
                                    • API String ID: 3594943052-3318528641
                                    • Opcode ID: cf8c8040cdc3bd60e0d8316aa95f521dc97985e8304001a5169388d4584e666c
                                    • Instruction ID: 49d6f3f083ce90d040109baad17f88739fefb342676ffff97a30cbbe554ebc92
                                    • Opcode Fuzzy Hash: cf8c8040cdc3bd60e0d8316aa95f521dc97985e8304001a5169388d4584e666c
                                    • Instruction Fuzzy Hash: 2801F93A74474DEA96136B81BC52DBB7B19EB917F1F250037FB140B581DBF268208661
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F900B, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 53%
                                    			E003F900B(struct HINSTANCE__* _a4, int _a8, int _a12, int _a16, int _a20) {

				LoadStringW(_a4, _a8, "CertMgr Succeeded",  *0x3fa390);
				LoadStringW(_a4, _a12, 0x3fb4d8,  *0x3fa390);
				LoadStringW(_a4, _a16, 0x3fb0d8,  *0x3fa390);
				LoadStringW(_a4, _a20, 0x3fbcd8,  *0x3fa390);
				_push(0x3fbcd8);
				_push(0x3fb0d8);
				_push(0x3fb4d8);
				return wprintf("CertMgr Succeeded");
			}



                                    0x003f902a
                                    0x003f903d
                                    0x003f9051
                                    0x003f9065
                                    0x003f9067
                                    0x003f9068
                                    0x003f9069
                                    0x003f907f

                                    APIs
                                    • LoadStringW.USER32(0000177F,0000177E,CertMgr Succeeded,?), ref: 003F902A
                                    • LoadStringW.USER32(0000177F,0000177D,003FB4D8), ref: 003F903D
                                    • LoadStringW.USER32(0000177F,003F1936,003FB0D8), ref: 003F9051
                                    • LoadStringW.USER32(0000177F,?,003FBCD8), ref: 003F9065
                                    • wprintf.MSVCRT ref: 003F9073
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString$wprintf
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 698749725-2974366063
                                    • Opcode ID: f2166f4c759275dab958ac235bafefce57924040d2c179a59359ecd30955ea33
                                    • Instruction ID: fc2f2103b6dee012cd30cf711e3d9d0399c171c452ac7a4b0ed8a6e56936bd93
                                    • Opcode Fuzzy Hash: f2166f4c759275dab958ac235bafefce57924040d2c179a59359ecd30955ea33
                                    • Instruction Fuzzy Hash: DAF0C4BA54051CBBCB131F86EC05CBB7F2EEB997A5B044016FA1C15231C7328921EBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F26A9, Relevance: 9.1, APIs: 6, Instructions: 138COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E003F26A9(signed short* _a4, signed int* _a8, intOrPtr* _a12) {
				intOrPtr* _t21;
				intOrPtr* _t22;
				signed int _t28;
				char _t42;
				signed int _t45;
				signed char _t56;
				signed int* _t59;
				void* _t60;
				void* _t61;
				signed int* _t65;
				void* _t66;
				intOrPtr _t72;
				long _t73;
				long _t75;
				signed int _t77;
				signed short* _t80;
				void* _t81;

				if(_a4 == 0) {
					L27:
					return 0x80070057;
				}
				_t59 = _a8;
				if(_t59 == 0) {
					goto L27;
				}
				_t21 = _a12;
				if(_t21 == 0) {
					goto L27;
				}
				 *_t59 = 0;
				 *_t21 = 0;
				_t22 = _a4;
				_t60 = _t22 + 2;
				do {
					_t72 =  *_t22;
					_t22 = _t22 + 2;
				} while (_t72 != 0);
				if(_t22 - _t60 >> 1 == 0x28) {
					_t77 = E003F9241(0x14, 0, 0);
					 *_t59 = _t77;
					if(_t77 == 0) {
						goto L27;
					}
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_a8 = 0;
					_t80 = _a4;
					do {
						_t73 =  *_t80 & 0x0000ffff;
						_t28 = _t73 & 0x0000ffff;
						_t8 = _t28 - 0x30; // -48
						_t61 = _t8;
						if(_t61 > 9 || _t61 < 0) {
							if((towupper(_t73) & 0x0000ffff) - 0x41 < 0 || (towupper( *_t80 & 0x0000ffff) & 0x0000ffff) - 0x41 > 5) {
								goto L24;
							} else {
								_t42 = (towupper( *_t80 & 0x0000ffff) & 0x0000ffff) - 0x37;
								goto L15;
							}
						} else {
							_t42 = _t28 + 0xffffffd0;
							L15:
							_t65 = _a8;
							 *((char*)(_t65 +  *_t59)) = _t42;
							 *( *_t59 + _t65) =  *( *_t59 + _t65) << 4;
							_t75 = _t80[1] & 0x0000ffff;
							_t45 = _t75 & 0x0000ffff;
							_t66 = _t45 - 0x30;
							if(_t66 > 9 || _t66 < 0) {
								if((towupper(_t75) & 0x0000ffff) - 0x41 < 0 || (towupper(_t80[1] & 0x0000ffff) & 0x0000ffff) - 0x41 > 5) {
									L24:
									_t32 =  *_t59;
									_t81 = 0x80070057;
									if( *_t59 != 0) {
										E003F8F35(_t32, _t32);
									}
									 *_t59 =  *_t59 & 0x00000000;
									L23:
									return _t81;
								} else {
									_t56 = (towupper(_t80[1] & 0x0000ffff) & 0x0000ffff) - 0x37;
									goto L21;
								}
							} else {
								_t56 = _t45 + 0xffffffd0;
								goto L21;
							}
						}
						L21:
						 *(_a8 +  *_t59) =  *(_a8 +  *_t59) | _t56;
						_a8 =  &(_a8[0]);
						_t80 =  &(_t80[2]);
					} while (_a8 < 0x14);
					_t81 = 0;
					 *_a12 = 0x14;
					goto L23;
				}
				return 0x80004005;
			}




















                                    0x003f26b6
                                    0x003f27fd
                                    0x00000000
                                    0x003f27fd
                                    0x003f26bc
                                    0x003f26c1
                                    0x00000000
                                    0x00000000
                                    0x003f26c7
                                    0x003f26cc
                                    0x00000000
                                    0x00000000
                                    0x003f26d2
                                    0x003f26d4
                                    0x003f26d6
                                    0x003f26d9
                                    0x003f26dc
                                    0x003f26dc
                                    0x003f26e0
                                    0x003f26e1
                                    0x003f26ed
                                    0x003f2702
                                    0x003f2704
                                    0x003f2708
                                    0x00000000
                                    0x00000000
                                    0x003f2710
                                    0x003f2711
                                    0x003f2712
                                    0x003f2713
                                    0x003f2714
                                    0x003f271b
                                    0x003f271e
                                    0x003f2721
                                    0x003f2721
                                    0x003f2724
                                    0x003f2727
                                    0x003f2727
                                    0x003f272d
                                    0x003f2742
                                    0x00000000
                                    0x003f275e
                                    0x003f2768
                                    0x00000000
                                    0x003f2768
                                    0x003f2733
                                    0x003f2733
                                    0x003f276b
                                    0x003f276d
                                    0x003f2770
                                    0x003f2777
                                    0x003f277a
                                    0x003f277e
                                    0x003f2781
                                    0x003f2787
                                    0x003f279c
                                    0x003f27e7
                                    0x003f27e7
                                    0x003f27e9
                                    0x003f27f0
                                    0x003f27f3
                                    0x003f27f3
                                    0x003f27f8
                                    0x003f27e3
                                    0x00000000
                                    0x003f27b1
                                    0x003f27bc
                                    0x00000000
                                    0x003f27bc
                                    0x003f278d
                                    0x003f278d
                                    0x00000000
                                    0x003f278d
                                    0x003f2787
                                    0x003f27bf
                                    0x003f27c6
                                    0x003f27c8
                                    0x003f27cb
                                    0x003f27ce
                                    0x003f27db
                                    0x003f27dd
                                    0x00000000
                                    0x003f27dd
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: towupper$malloc
                                    • String ID:
                                    • API String ID: 655879201-0
                                    • Opcode ID: 362ca30b8e3122675266ff5415cf499e37b0bc6ebcb55d665bb89ea9240880dd
                                    • Instruction ID: d09f37429ed677a41fe7a3dd1223564dd6b67f2793e48b7f1d7afe2d0b005207
                                    • Opcode Fuzzy Hash: 362ca30b8e3122675266ff5415cf499e37b0bc6ebcb55d665bb89ea9240880dd
                                    • Instruction Fuzzy Hash: B74138751002A9DBDB16AF29CC8093B77E8EF51721B11805AFA91CF296C238CC45EBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F3E22, Relevance: 9.1, APIs: 6, Instructions: 136timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 52%
                                    			E003F3E22(short* __edx, void* __edi, FILETIME* _a4) {
				signed int _v8;
				short _v108;
				short _v208;
				struct _SYSTEMTIME _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				signed int _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				struct _FILETIME _v268;
				void* __ebx;
				void* __esi;
				signed int _t38;
				WCHAR* _t43;
				WCHAR* _t65;
				WCHAR* _t69;
				signed int _t72;
				short _t80;
				short _t82;
				void* _t85;
				short* _t87;
				void* _t88;
				signed int _t91;

				_t88 = __edi;
				_t87 = __edx;
				_t38 =  *0x3fa078; // 0x3e25e9e2
				_v8 = _t38 ^ _t91;
				_t90 = _a4;
				 *0x3fa870 = 0;
				if(_t90->dwLowDateTime != 0 || _t90->dwHighDateTime != 0) {
					_push(_t88);
					if(LoadStringW( *0x3fa7f8, 0x1b9d,  &_v208, 0x32) == 0 || LoadStringW( *0x3fa7f8, 0x1b9e,  &_v108, 0x32) == 0) {
						_t43 = 0x3fa870;
					} else {
						FileTimeToLocalFileTime(_t90,  &_v268);
						if(FileTimeToSystemTime( &_v268,  &_v224) == 0) {
							_push(_t90->dwLowDateTime);
							_t90 = 0x3fa870;
							E003F341A(0x3fa870, 0x64,  &_v208,  *0x003FA874);
						} else {
							_v260 = _v224.wSecond & 0x0000ffff;
							_v256 = _v224.wMinute & 0x0000ffff;
							_v252 = _v224.wHour & 0x0000ffff;
							_v248 = _v224.wDay & 0x0000ffff;
							_v244 = (_v224.wMonth & 0x0000ffff) - 1;
							_v240 = (_v224.wYear & 0x0000ffff) - 0x76c;
							_v236 = _v224.wDayOfWeek & 0x0000ffff;
							_v232 = 0;
							_v228 = 0;
							__imp___wasctime( &_v260);
							_t90 = 0x3fa870;
							E003F3386(0x3fa870, 0x64,  &_v260);
							_t65 = 0x3fa870;
							_t26 =  &(_t65[1]); // 0x3fa872
							_t87 = _t26;
							do {
								_t80 =  *_t65;
								_t65 =  &(_t65[1]);
							} while (_t80 != 0);
							 *((short*)(0x3fa86e + (_t65 - _t87 >> 1) * 2)) = 0;
							if(_v224.wMilliseconds != 0) {
								_t69 = 0x3fa870;
								_t30 =  &(_t69[1]); // 0x3fa872
								_t87 = _t30;
								do {
									_t82 =  *_t69;
									_t69 =  &(_t69[1]);
								} while (_t82 != 0);
								_push(_v224.wMilliseconds & 0x0000ffff);
								_push( &_v108);
								_t72 = _t69 - _t87 >> 1;
								_t85 = 0x64;
								_push(_t85 - _t72);
								_push( &(0x3fa870[_t72]));
								E003F341A();
							}
						}
						_t43 = _t90;
					}
					_pop(_t88);
				} else {
					_t90 = 0x3fa870;
					LoadStringW( *0x3fa7f8, 0x1c0c, 0x3fa870, 0x64);
					_t43 = 0x3fa870;
				}
				return E003F86C7(_t43, 0, _v8 ^ _t91, _t87, _t88, _t90);
			}






























                                    0x003f3e22
                                    0x003f3e22
                                    0x003f3e2d
                                    0x003f3e34
                                    0x003f3e3b
                                    0x003f3e40
                                    0x003f3e48
                                    0x003f3e6f
                                    0x003f3e8e
                                    0x003f3fdf
                                    0x003f3eaf
                                    0x003f3eb7
                                    0x003f3ed3
                                    0x003f3fbf
                                    0x003f3fca
                                    0x003f3fd3
                                    0x003f3ed9
                                    0x003f3ee0
                                    0x003f3eed
                                    0x003f3efa
                                    0x003f3f07
                                    0x003f3f15
                                    0x003f3f27
                                    0x003f3f34
                                    0x003f3f41
                                    0x003f3f47
                                    0x003f3f4d
                                    0x003f3f57
                                    0x003f3f5d
                                    0x003f3f62
                                    0x003f3f64
                                    0x003f3f64
                                    0x003f3f67
                                    0x003f3f67
                                    0x003f3f6b
                                    0x003f3f6c
                                    0x003f3f77
                                    0x003f3f86
                                    0x003f3f88
                                    0x003f3f8a
                                    0x003f3f8a
                                    0x003f3f8d
                                    0x003f3f8d
                                    0x003f3f91
                                    0x003f3f92
                                    0x003f3f9e
                                    0x003f3fa2
                                    0x003f3fa7
                                    0x003f3fa9
                                    0x003f3fac
                                    0x003f3fb4
                                    0x003f3fb5
                                    0x003f3fba
                                    0x003f3f86
                                    0x003f3fdb
                                    0x003f3fdb
                                    0x003f3fe4
                                    0x003f3e4f
                                    0x003f3e51
                                    0x003f3e62
                                    0x003f3e68
                                    0x003f3e68
                                    0x003f3ff2

                                    APIs
                                    • LoadStringW.USER32(00001C0C,003FA870,00000064), ref: 003F3E62
                                    • LoadStringW.USER32(00001B9D,?,00000032), ref: 003F3E8A
                                    • LoadStringW.USER32(00001B9E,?,00000032), ref: 003F3EA5
                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 003F3EB7
                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 003F3ECB
                                    • _wasctime.MSVCRT ref: 003F3F4D
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Time$FileLoadString$LocalSystem_wasctime
                                    • String ID:
                                    • API String ID: 3399651677-0
                                    • Opcode ID: 08e3c7726e54748e497a788357087981fe615d77e4fffcd64551d945dc6e0518
                                    • Instruction ID: c0c8c7116615be309d37f357ee848e87c4281245570fd4c8305faa50d5c9dee9
                                    • Opcode Fuzzy Hash: 08e3c7726e54748e497a788357087981fe615d77e4fffcd64551d945dc6e0518
                                    • Instruction Fuzzy Hash: 7E5161B590022DDADB229F64DC04FF9B7B8EB04700F0144AAFA49E6150E7749F85CB60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F2100, Relevance: 9.1, APIs: 6, Instructions: 89encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • realloc.MSVCRT ref: 003F214C
                                    • CertDuplicateCRLContext.CRYPT32(?), ref: 003F215D
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 003F217C
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F21A1
                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 003F21C2
                                    • free.MSVCRT(?), ref: 003F21D0
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Context$Free$DuplicateFromStorefreerealloc
                                    • String ID:
                                    • API String ID: 420543247-0
                                    • Opcode ID: 9a1fcd70c94195611b37ff8539cd5f103688eba1eda17d7d7c3629cbfe1be57b
                                    • Instruction ID: b42bbb4fda4533099ae27e572905d8f13366b00b40b13dd1e8104ae4c36aa90b
                                    • Opcode Fuzzy Hash: 9a1fcd70c94195611b37ff8539cd5f103688eba1eda17d7d7c3629cbfe1be57b
                                    • Instruction Fuzzy Hash: 5E312876900249EFDB229F94D8848AEBBF9FB44354B22847EEB51A7210C7319E41DF14
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F40DE, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 121COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 003F82FF
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 003F832B
                                    • printf.MSVCRT ref: 003F412D
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObject$LoadStringprintfvwprintf
                                    • String ID: $%s (%S)$($<NULL>
                                    • API String ID: 3576710509-3389890325
                                    • Opcode ID: 20262a3eb7b2c776971a935d091c9c0b4dbe83ecb011a7489ef83cfc59200994
                                    • Instruction ID: b0a440f1177cbd21c58e5a2448ea4b1ced5209f4f61f6c123c4078f9eeacdd91
                                    • Opcode Fuzzy Hash: 20262a3eb7b2c776971a935d091c9c0b4dbe83ecb011a7489ef83cfc59200994
                                    • Instruction Fuzzy Hash: 0231C472104708FEEB272B90EC46D7B77BAEF04750F004529F315190A2EF76A9949A62
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F3FFA, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCertificateContextProperties.CRYPT32(?,00000000), ref: 003F4008
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000000,00000000,?), ref: 003F404B
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000000,00000000,?), ref: 003F406B
                                    • CertEnumCertificateContextProperties.CRYPT32(?,00000000), ref: 003F40C0
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertCertificateContext$EnumPropertiesProperty$LoadStringvwprintf
                                    • String ID:
                                    • API String ID: 1334782540-399585960
                                    • Opcode ID: 2b97ed073ce8cfdb837836e855f75371378aad1bb9105d2e3aec107b9c29e9a2
                                    • Instruction ID: 52309969956ed0156a8fa61fc56b1dc09aed72c5455c45959db9ba4ac68bab55
                                    • Opcode Fuzzy Hash: 2b97ed073ce8cfdb837836e855f75371378aad1bb9105d2e3aec107b9c29e9a2
                                    • Instruction Fuzzy Hash: 2221C67280021EFEDB237B95DC81CBFBA6EEF00394B010035F71566121DF715E94A6A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F2F08, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 82COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 39%
                                    			E003F2F08(void* __ecx, void* __esi, intOrPtr* _a4, char _a8) {
				void* __ebx;
				intOrPtr* _t19;
				char* _t28;
				intOrPtr _t30;
				intOrPtr* _t38;
				intOrPtr* _t40;
				void* _t42;

				_t30 = 0;
				_t19 = E003F82C8(__ecx, 0xb, _a4, _a8, 0);
				_t38 = _t19;
				if(_t38 != 0) {
					_push(0x1beb);
					_push( *0x3fa7f8);
					_t20 = E003F8F8E();
					if( *_t38 == 0) {
						L11:
						if( *((intOrPtr*)(_t38 + 8)) != 0) {
							_push(0x1bed);
							_push( *0x3fa7f8);
							_a8 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 0xc))));
							E003F8F8E();
							_t20 = E003F2E33(_t30, _a8);
						}
						return E003F8F35(_t20, _t38);
					}
					_t20 = E003F8F8E( *0x3fa7f8, 0x1bec, __esi);
					_t40 =  *((intOrPtr*)(_t38 + 4));
					_a8 = 0;
					if( *_t38 <= 0) {
						L10:
						goto L11;
					} else {
						goto L3;
					}
					do {
						L3:
						_t30 = 0;
						if( *_t40 == 0) {
							_push("<NULL>");
							_push(_a8);
							printf("     [%d,*] %s\n");
							_t42 = _t42 + 0xc;
						}
						_a4 =  *((intOrPtr*)(_t40 + 4));
						if( *_t40 > 0) {
							do {
								_t28 =  *_a4;
								if(_t28 == 0) {
									_t28 = "<NULL>";
								}
								_push(_t28);
								_push(_t30);
								_push(_a8);
								printf("     [%d,%d] %s\n");
								_a4 = _a4 + 4;
								_t42 = _t42 + 0x10;
								_t30 = _t30 + 1;
							} while (_t30 <  *_t40);
						}
						_a8 = _a8 + 1;
						_t20 = _a8;
						_t40 = _t40 + 8;
					} while (_a8 <  *_t38);
					goto L10;
				}
				return _t19;
			}










                                    0x003f2f0f
                                    0x003f2f1a
                                    0x003f2f1f
                                    0x003f2f23
                                    0x003f2f29
                                    0x003f2f2e
                                    0x003f2f34
                                    0x003f2f3d
                                    0x003f2fbb
                                    0x003f2fbf
                                    0x003f2fc6
                                    0x003f2fcb
                                    0x003f2fd1
                                    0x003f2fd4
                                    0x003f2fde
                                    0x003f2fde
                                    0x00000000
                                    0x003f2fe4
                                    0x003f2f4b
                                    0x003f2f50
                                    0x003f2f55
                                    0x003f2f5a
                                    0x003f2fba
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x003f2f5c
                                    0x003f2f5c
                                    0x003f2f5c
                                    0x003f2f60
                                    0x003f2f62
                                    0x003f2f67
                                    0x003f2f6f
                                    0x003f2f75
                                    0x003f2f75
                                    0x003f2f7e
                                    0x003f2f81
                                    0x003f2f83
                                    0x003f2f86
                                    0x003f2f8a
                                    0x003f2f8c
                                    0x003f2f8c
                                    0x003f2f91
                                    0x003f2f92
                                    0x003f2f93
                                    0x003f2f9b
                                    0x003f2fa1
                                    0x003f2fa5
                                    0x003f2fa8
                                    0x003f2fa9
                                    0x003f2f83
                                    0x003f2fad
                                    0x003f2fb0
                                    0x003f2fb3
                                    0x003f2fb6
                                    0x00000000
                                    0x003f2f5c
                                    0x003f2fec

                                    APIs
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 003F82FF
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 003F832B
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • printf.MSVCRT ref: 003F2F6F
                                    • printf.MSVCRT ref: 003F2F9B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObjectprintf$LoadStringvwprintf
                                    • String ID: [%d,%d] %s$ [%d,*] %s$<NULL>
                                    • API String ID: 3954790218-3661550745
                                    • Opcode ID: 64b2810dcb345a70715892464faca8ad8221b72262d2119cbbea85f6be5fbf45
                                    • Instruction ID: 8cd399ed08b57b91cd458c0e79020ab8a4e14ce82f33f5417020fa67021f5d23
                                    • Opcode Fuzzy Hash: 64b2810dcb345a70715892464faca8ad8221b72262d2119cbbea85f6be5fbf45
                                    • Instruction Fuzzy Hash: F821BD7510830EFFDB136F94EC81DBABBB5FB04361F218029FA284A251D731A9A0CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F1CD9, Relevance: 7.6, APIs: 5, Instructions: 91encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 003F1D0D
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,00000000,?), ref: 003F1D2F
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,00000000,?), ref: 003F1D50
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,?,?), ref: 003F1D79
                                    • CertFreeCRLContext.CRYPT32(?), ref: 003F1DAB
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Context$FromPropertyStore$Free
                                    • String ID:
                                    • API String ID: 1268920413-0
                                    • Opcode ID: 5cda97d0714b3e0e186aae6fd5eae7eee0786f7eefc54b7ad611d281aead1a97
                                    • Instruction ID: 2bd631a1e4e271300628c9852b5e038f27f8337c8af1fb8285d5589ca5c29534
                                    • Opcode Fuzzy Hash: 5cda97d0714b3e0e186aae6fd5eae7eee0786f7eefc54b7ad611d281aead1a97
                                    • Instruction Fuzzy Hash: E131C27190122DFBCB22DBA5ED449FEFBB9EF08760F154466FA15A2110D7309E41DBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F1C45, Relevance: 7.6, APIs: 5, Instructions: 61encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 003F1C82
                                    • CertSetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000,00000000), ref: 003F1C97
                                    • CertSetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000,?), ref: 003F1CA6
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 003F1CB0
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 003F1CC4
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$CertificateContext$CertificatesEnumPropertyStore$Free
                                    • String ID:
                                    • API String ID: 1316045383-0
                                    • Opcode ID: 34843715780e478ff51e846e0eb0da0f338525d60258d1462ec4ff3d1f0a9bb8
                                    • Instruction ID: 150136c89c148a94a3851eb9f28363c12577e9872d61360338ff5ce539a7e953
                                    • Opcode Fuzzy Hash: 34843715780e478ff51e846e0eb0da0f338525d60258d1462ec4ff3d1f0a9bb8
                                    • Instruction Fuzzy Hash: 1611823654020AFBD7278B59EC45FBA77B9AB84740F164025E604E7290DBB4EE01DB54
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F8CA1, Relevance: 7.5, APIs: 5, Instructions: 49timethreadCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E003F8CA1() {
				struct _FILETIME _v12;
				signed int _v16;
				union _LARGE_INTEGER _v20;
				signed int _t14;
				signed int _t16;
				signed int _t17;
				signed int _t18;
				signed int _t22;
				signed int _t23;
				signed int _t32;

				_t14 =  *0x3fa078; // 0x3e25e9e2
				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
				if(_t14 == 0xbb40e64e || (0xffff0000 & _t14) == 0) {
					GetSystemTimeAsFileTime( &_v12);
					_t16 = GetCurrentProcessId();
					_t17 = GetCurrentThreadId();
					_t18 = GetTickCount();
					QueryPerformanceCounter( &_v20);
					_t22 = _v16 ^ _v20.LowPart;
					_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
					if(_t32 == 0xbb40e64e || ( *0x3fa078 & 0xffff0000) == 0) {
						_t32 = 0xbb40e64f;
					}
					 *0x3fa078 = _t32;
					 *0x3fa07c =  !_t32;
					return _t22;
				} else {
					_t23 =  !_t14;
					 *0x3fa07c = _t23;
					return _t23;
				}
			}













                                    0x003f8ca9
                                    0x003f8cae
                                    0x003f8cb2
                                    0x003f8cc4
                                    0x003f8cd8
                                    0x003f8ce4
                                    0x003f8cec
                                    0x003f8cf4
                                    0x003f8d00
                                    0x003f8d09
                                    0x003f8d0c
                                    0x003f8d10
                                    0x003f8d1a
                                    0x003f8d1a
                                    0x003f8d1f
                                    0x003f8d27
                                    0x00000000
                                    0x003f8cca
                                    0x003f8cca
                                    0x003f8ccc
                                    0x00000000
                                    0x003f8ccc

                                    APIs
                                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 003F8CD8
                                    • GetCurrentProcessId.KERNEL32 ref: 003F8CE4
                                    • GetCurrentThreadId.KERNEL32 ref: 003F8CEC
                                    • GetTickCount.KERNEL32 ref: 003F8CF4
                                    • QueryPerformanceCounter.KERNEL32(?), ref: 003F8D00
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                    • String ID:
                                    • API String ID: 1445889803-0
                                    • Opcode ID: c87c7ba37ff4aea937cbc74d1cc93e99b8de7770af51e7810de9129111c6a0f3
                                    • Instruction ID: 10a4df647a3d3cb5fcd39d46186938e2d260a16486926585e804706580dff9d9
                                    • Opcode Fuzzy Hash: c87c7ba37ff4aea937cbc74d1cc93e99b8de7770af51e7810de9129111c6a0f3
                                    • Instruction Fuzzy Hash: F001C472C0061ADBCB129BF5F848ABAF7BCEF08352F560411E915E7110EE305D84CB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F44A1, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 40%
                                    			E003F44A1(intOrPtr _a4, signed int _a8) {
				intOrPtr* _v8;
				void* __ecx;
				intOrPtr* _t15;
				int _t16;
				intOrPtr _t21;
				void* _t24;
				intOrPtr* _t33;
				intOrPtr _t35;
				signed int _t36;
				signed int _t37;
				void* _t38;
				intOrPtr* _t39;
				void* _t41;

				_push(_t24);
				_t15 = E003F82C8(_t24, 0x2a, _a4, _a8, 0);
				_t33 = _t15;
				_v8 = _t33;
				if(_t33 != 0) {
					_t21 =  *_t33;
					_t39 =  *((intOrPtr*)(_t33 + 4));
					_a4 = _t21;
					_t16 = E003F8F8E( *0x3fa7f8, 0x1bc0, _t38);
					if(_t21 == 0) {
						_push(0x1bc1);
						_push( *0x3fa7f8);
						_t16 = E003F8F8E();
					}
					_a8 = _a8 & 0x00000000;
					if(_t21 > 0) {
						do {
							_t35 =  *_t39;
							_push(E003F3272(_t16, _t35, 0));
							_push(_t35);
							_t36 = _a8;
							_push(_t36);
							printf("    [%d] %s (%S)");
							_t41 = _t41 + 0x10;
							if( *((intOrPtr*)(_t39 + 4)) == 0) {
								_t16 = printf("\n");
							} else {
								_push(0x1b64);
								_push( *0x3fa7f8);
								E003F8F8E();
								_t16 = E003F28A5(L"      ",  *((intOrPtr*)(_t39 + 8)),  *((intOrPtr*)(_t39 + 4)));
							}
							_t37 = _t36 + 1;
							_t39 = _t39 + 0xc;
							_a8 = _t37;
						} while (_t37 < _a4);
						_t33 = _v8;
					}
					_t15 = E003F8F35(_t16, _t33);
				}
				return _t15;
			}
















                                    0x003f44a6
                                    0x003f44b2
                                    0x003f44b7
                                    0x003f44b9
                                    0x003f44be
                                    0x003f44c5
                                    0x003f44c8
                                    0x003f44d6
                                    0x003f44d9
                                    0x003f44e2
                                    0x003f44e4
                                    0x003f44e9
                                    0x003f44ef
                                    0x003f44f5
                                    0x003f44f6
                                    0x003f44fc
                                    0x003f4504
                                    0x003f4504
                                    0x003f450e
                                    0x003f450f
                                    0x003f4510
                                    0x003f4513
                                    0x003f4519
                                    0x003f451b
                                    0x003f4522
                                    0x003f454d
                                    0x003f4524
                                    0x003f4524
                                    0x003f4529
                                    0x003f452f
                                    0x003f4541
                                    0x003f4541
                                    0x003f4550
                                    0x003f4551
                                    0x003f4554
                                    0x003f4557
                                    0x003f455c
                                    0x003f455c
                                    0x003f4560
                                    0x003f4566
                                    0x003f4569

                                    APIs
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 003F82FF
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 003F832B
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • printf.MSVCRT ref: 003F4519
                                    • printf.MSVCRT ref: 003F454D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObjectprintf$LoadStringvwprintf
                                    • String ID: $ [%d] %s (%S)
                                    • API String ID: 3954790218-4092857480
                                    • Opcode ID: 888cd24e2b0654ac7c0e33d4ca3a631c520073c0c5b61259cbab1974d0698423
                                    • Instruction ID: b6413b9db0362c609509855e65e598251429778c2ae42492ca0aedb5f8a01889
                                    • Opcode Fuzzy Hash: 888cd24e2b0654ac7c0e33d4ca3a631c520073c0c5b61259cbab1974d0698423
                                    • Instruction Fuzzy Hash: 0E119036504308FBDB12AF85EC42EBE77BAEB85720F218019FB182B190DB71A941DB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F8FC0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 68%
                                    			E003F8FC0(struct HINSTANCE__* _a4, int _a8, int _a12) {

				LoadStringW(_a4, _a8, 0x3facd8,  *0x3fa390);
				LoadStringW(_a4, _a12, 0x3fb4d8,  *0x3fa390);
				_push(0x3fb4d8);
				return wprintf(0x3facd8);
			}



                                    0x003f8fe0
                                    0x003f8ff4
                                    0x003f8ff6
                                    0x003f9003

                                    APIs
                                    • LoadStringW.USER32(00001BB1,003F585D,CertMgr Succeeded,-00001BAE), ref: 003F8FE0
                                    • LoadStringW.USER32(00001BB1,?,003FB4D8), ref: 003F8FF4
                                    • wprintf.MSVCRT ref: 003F8FF8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString$wprintf
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 698749725-2974366063
                                    • Opcode ID: 14dd64c20e9452e522d00c2c88e24e5be13303a7c80c411dd6fcfcc399f4fd61
                                    • Instruction ID: df404b899cc8a766843632bffea140749850e13b1bad1aae7648fb2983da939d
                                    • Opcode Fuzzy Hash: 14dd64c20e9452e522d00c2c88e24e5be13303a7c80c411dd6fcfcc399f4fd61
                                    • Instruction Fuzzy Hash: 8CE0127B10425CBBDB131F46EC44C6B7F2EE7C93B47104016FA1C46221C6329821DBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F2A90, Relevance: 6.1, APIs: 4, Instructions: 77encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 43%
                                    			E003F2A90(void* __ebx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				void* __ecx;
				intOrPtr* _t9;
				intOrPtr _t18;
				void* _t22;
				void* _t24;
				intOrPtr* _t33;
				intOrPtr _t34;
				intOrPtr* _t36;

				_push(_t24);
				_v8 = 0;
				_t9 = E003F82C8(_t24, 6, _a4, _a8, 0);
				_t36 = _t9;
				if(_t36 == 0) {
					L9:
					return _t9;
				}
				E003F8F8E( *0x3fa7f8, 0x1bc4, __ebx);
				_t33 = __imp__CertRDNValueToStrW;
				_t4 = _t36 + 4; // 0x4
				_t22 =  *_t33( *_t36, _t4, 0, 0);
				if(_t22 > 1) {
					_t18 = E003F9241(_t22 + _t22, 0, 0);
					_v8 = _t18;
					if(_t18 != 0) {
						_t7 = _t36 + 4; // 0x4
						 *_t33( *_t36, _t7, _t18, _t22);
					}
				}
				E003F8F8E( *0x3fa7f8, 0x1bc5,  *_t36);
				_t34 = _v8;
				if(_t34 == 0) {
					_push(0x1b58);
					_push( *0x3fa7f8);
					E003F8F8E();
				} else {
					_push(_t34);
					wprintf(L"%s");
				}
				_t9 = E003F8F35(printf("\n"), _t36);
				if(_t34 != 0) {
					_t9 = E003F8F35(_t9, _t34);
				}
				goto L9;
			}












                                    0x003f2a95
                                    0x003f2a9e
                                    0x003f2aa6
                                    0x003f2aab
                                    0x003f2aaf
                                    0x003f2b56
                                    0x003f2b59
                                    0x003f2b59
                                    0x003f2ac1
                                    0x003f2aca
                                    0x003f2ad0
                                    0x003f2ad8
                                    0x003f2add
                                    0x003f2ae7
                                    0x003f2aec
                                    0x003f2af1
                                    0x003f2af5
                                    0x003f2afb
                                    0x003f2afb
                                    0x003f2af1
                                    0x003f2b0a
                                    0x003f2b0f
                                    0x003f2b18
                                    0x003f2b28
                                    0x003f2b2d
                                    0x003f2b33
                                    0x003f2b1a
                                    0x003f2b1a
                                    0x003f2b20
                                    0x003f2b20
                                    0x003f2b47
                                    0x003f2b4e
                                    0x003f2b51
                                    0x003f2b51
                                    0x00000000

                                    APIs
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 003F82FF
                                      • Part of subcall function 003F82C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 003F832B
                                      • Part of subcall function 003F8F8E: LoadStringW.USER32(?,003F1A8A,CertMgr Succeeded,00000000), ref: 003F8FA6
                                      • Part of subcall function 003F8F8E: vwprintf.MSVCRT ref: 003F8FB1
                                    • CertRDNValueToStrW.CRYPT32(00000000,00000004,00000000,00000000), ref: 003F2AD6
                                    • CertRDNValueToStrW.CRYPT32(00000000,00000004,00000000,00000000), ref: 003F2AFB
                                    • wprintf.MSVCRT ref: 003F2B20
                                    • printf.MSVCRT ref: 003F2B3F
                                      • Part of subcall function 003F9241: malloc.MSVCRT ref: 003F924A
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertCryptDecodeObjectValue$LoadStringmallocprintfvwprintfwprintf
                                    • String ID:
                                    • API String ID: 626385143-0
                                    • Opcode ID: 677d5c2f2cda843d83cb12c9deb5846d880de2b42ceb4b26c999d84e9683e978
                                    • Instruction ID: 6fb1cca74ef260bb222af4158dd4f51b9f78ce18fb996fbd4e6024996187991d
                                    • Opcode Fuzzy Hash: 677d5c2f2cda843d83cb12c9deb5846d880de2b42ceb4b26c999d84e9683e978
                                    • Instruction Fuzzy Hash: 9911A232100609FED7236B91AC06EBB7BBEEBC0750F11001AFA145A0A0EF72AD50D660
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F9192, Relevance: 6.1, APIs: 4, Instructions: 62fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 62%
                                    			E003F9192(void* __eax, void* __ecx, intOrPtr _a4, void* _a8, long _a12) {
				long _v8;
				signed int _t12;
				signed int _t16;
				signed int _t18;
				void* _t22;
				signed int _t30;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0) {
					_t12 = 0x80070057;
				} else {
					_push(0);
					_push(0);
					_push(2);
					_push(0);
					_push(0);
					_push(0x40000000);
					_push(_a4);
					E003F9349();
					_t22 = __eax;
					if(__eax != 0xffffffff) {
						if(WriteFile(__eax, _a8, _a12,  &_v8, 0) != 0) {
							asm("sbb esi, esi");
							_t30 =  ~(_v8 - _a12) & 0x80004005;
						} else {
							_t16 = GetLastError();
							if(_t16 > 0) {
								_t16 = _t16 & 0x0000ffff | 0x80070000;
							}
							_t30 = _t16;
						}
						CloseHandle(_t22);
					} else {
						_t18 = GetLastError();
						if(_t18 > 0) {
							_t18 = _t18 & 0x0000ffff | 0x80070000;
						}
						_t30 = _t18;
					}
					_t12 = _t30;
				}
				return _t12;
			}









                                    0x003f919b
                                    0x003f91a1
                                    0x003f9232
                                    0x003f91b5
                                    0x003f91b6
                                    0x003f91b7
                                    0x003f91b8
                                    0x003f91ba
                                    0x003f91bb
                                    0x003f91bc
                                    0x003f91c1
                                    0x003f91c4
                                    0x003f91c9
                                    0x003f91ce
                                    0x003f91fc
                                    0x003f921e
                                    0x003f9220
                                    0x003f91fe
                                    0x003f91fe
                                    0x003f9206
                                    0x003f920d
                                    0x003f920d
                                    0x003f9212
                                    0x003f9212
                                    0x003f9227
                                    0x003f91d0
                                    0x003f91d0
                                    0x003f91d8
                                    0x003f91df
                                    0x003f91df
                                    0x003f91e4
                                    0x003f91e4
                                    0x003f922d
                                    0x003f922f
                                    0x003f9239

                                    APIs
                                    • GetLastError.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00000001,00000000,?,003F7811,00000000,00000000), ref: 003F91D0
                                    • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00000001,00000000), ref: 003F91F4
                                    • GetLastError.KERNEL32(?,003F7811,00000000,00000000), ref: 003F91FE
                                    • CloseHandle.KERNEL32(00000000,?,003F7811,00000000,00000000), ref: 003F9227
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CloseFileHandleWrite
                                    • String ID:
                                    • API String ID: 2639859636-0
                                    • Opcode ID: c25b080e8936c370d1ae227bd98da483283fc8c835c60ec0251cf39e63b31bd8
                                    • Instruction ID: 191154720df4d212c9aca0dea27c527600b733069d9ffc034782d8ca2f94c0d3
                                    • Opcode Fuzzy Hash: c25b080e8936c370d1ae227bd98da483283fc8c835c60ec0251cf39e63b31bd8
                                    • Instruction Fuzzy Hash: A711A33294102DFBCB224A55AC08FBE7B2CEF46BA0F264936FA15E6044D3388D10D7D0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F4FD3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf
                                    • String ID: $%s
                                    • API String ID: 3524737521-1620431320
                                    • Opcode ID: 9da04027e523636e95da9838e20568784ee3580c704e1e4b0a5403a9cf1b6216
                                    • Instruction ID: d91f81de6f60fe1bc387d12430df38a2938927fca9585a8ef067b4908d247111
                                    • Opcode Fuzzy Hash: 9da04027e523636e95da9838e20568784ee3580c704e1e4b0a5403a9cf1b6216
                                    • Instruction Fuzzy Hash: 04119635548B09FFE7272B40ED02C7577BAEB00B14B104415F36A195B0DF622565AA82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F50E4, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: wprintf
                                    • String ID: $%s
                                    • API String ID: 3614878089-1620431320
                                    • Opcode ID: 4a924118c4f134faf1f4421d97b2e08491bfdc2dd7b4cf480cd201890b24f038
                                    • Instruction ID: 8be8ab57bf03fdda790cf948b22d5efb1bd00a4679f3b1642acb83c82026fd3c
                                    • Opcode Fuzzy Hash: 4a924118c4f134faf1f4421d97b2e08491bfdc2dd7b4cf480cd201890b24f038
                                    • Instruction Fuzzy Hash: CD01D136100B0CFADE276B80FD02EB7B7EAEB04750B15041AF302569A0EB72B950D791
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F52CB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 89%
                                    			E003F52CB(intOrPtr* _a4, intOrPtr _a8) {
				void* __edi;
				intOrPtr* _t4;
				void* _t6;
				intOrPtr _t9;
				intOrPtr _t10;

				_t4 = _a4;
				_t10 =  *((intOrPtr*)(_t4 + 4));
				_t9 =  *_t4;
				_t6 = 0;
				if(_t9 > 0) {
					do {
						_push(_t6);
						wprintf(L"    [%d] ");
						_t4 = E003F4FD3(_t9, _t10, _a8);
						_t6 = _t6 + 1;
						_t10 = _t10 + 0xc;
					} while (_t6 < _t9);
				}
				return _t4;
			}








                                    0x003f52d0
                                    0x003f52d5
                                    0x003f52d9
                                    0x003f52db
                                    0x003f52df
                                    0x003f52e1
                                    0x003f52e1
                                    0x003f52e7
                                    0x003f52f3
                                    0x003f52f8
                                    0x003f52f9
                                    0x003f52fc
                                    0x003f52e1
                                    0x003f5304

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: wprintf
                                    • String ID: [%d] $1.3.6.1.4.1.311.10.2
                                    • API String ID: 3614878089-3478931004
                                    • Opcode ID: 5e3cb4503381dc9871b6ccef449b5adae0bb121f3800d8ff0369e58eeee9c12e
                                    • Instruction ID: 3e285ebf82b4de8b54b0a30feca396ca886c933f497dfc7fcf0ef7c5cd6d1551
                                    • Opcode Fuzzy Hash: 5e3cb4503381dc9871b6ccef449b5adae0bb121f3800d8ff0369e58eeee9c12e
                                    • Instruction Fuzzy Hash: A7E0DF37100718AF46025AC8AC80CEBB76DEAD93603264022FB0857210CAB2BC0283A4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 003F8F52, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 64%
                                    			E003F8F52(struct HINSTANCE__* _a4, intOrPtr _a8, int _a12) {
				signed int _t4;

				_t4 = LoadStringW(_a4, _a12, 0x3facd8,  *0x3fa390);
				if(_t4 != 0) {
					_push(0x3facd8);
					_push(_a8);
					L003F9332();
					return _t4;
				}
				return _t4 | 0xffffffff;
			}




                                    0x003f8f6a
                                    0x003f8f72
                                    0x003f8f79
                                    0x003f8f7a
                                    0x003f8f7d
                                    0x00000000
                                    0x003f8f83
                                    0x00000000

                                    APIs
                                    • LoadStringW.USER32(?,?,CertMgr Succeeded,?), ref: 003F8F6A
                                    • _wcsicmp.MSVCRT ref: 003F8F7D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000016.00000002.737675784.00000000003F1000.00000020.00020000.sdmp, Offset: 003F0000, based on PE: true
                                    • Associated: 00000016.00000002.737663148.00000000003F0000.00000002.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737700903.00000000003FA000.00000004.00020000.sdmp Download File
                                    • Associated: 00000016.00000002.737715680.00000000003FD000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_22_2_3f0000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString_wcsicmp
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 129124420-2974366063
                                    • Opcode ID: be5139d90addca0394e7bead642d1a54837ff74a26503384e5ac88d1d4ed6d27
                                    • Instruction ID: 827a6aa0b17fd389a5a928ea4b4e251da735c75e4a1c016e78506601f1cf5325
                                    • Opcode Fuzzy Hash: be5139d90addca0394e7bead642d1a54837ff74a26503384e5ac88d1d4ed6d27
                                    • Instruction Fuzzy Hash: 3CE08C3600821CBB8B131F12BC08DAB3F1EEB123B0B144226FA2C402A0DB329820E690
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Analysis Process: CertMgr.exe PID: 5952 Parent PID: 6916 CertMgr.exeCOMMON

                                    Executed Functions

                                    Function 00147E7F, Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 226encryptionmemoryCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 128 147e7f-147eb2 HeapSetInformation call 1417f3 131 1480ec 128->131 132 147eb8-147ed5 LoadStringW 128->132 134 1480f1-1480f7 call 148f8e 131->134 132->131 133 147edb-147eef LoadStringW 132->133 133->131 135 147ef5-147f0e LoadStringA 133->135 138 1480fc-1480fd 134->138 135->131 137 147f14-147f29 LoadStringW 135->137 137->131 140 147f2f-147f44 LoadStringW 137->140 139 1480fe-148108 138->139 141 148110-148117 139->141 142 14810a-14810b call 148f35 139->142 140->131 143 147f4a-147f62 LoadStringW 140->143 146 14811f-148126 141->146 147 148119-14811a call 148f35 141->147 142->141 143->131 144 147f68-147f6c 143->144 148 147fde-147fe1 144->148 149 147f6e-147f7f CryptUIDlgCertMgr 144->149 151 14812e-148135 146->151 152 148128-148129 call 148f35 146->152 147->146 153 147f92-147fa1 148->153 154 147fe3-147fea call 143822 148->154 155 147f84-147f8d 149->155 157 148137-148138 CryptMsgClose 151->157 158 14813e-148142 151->158 152->151 160 147fa3-147fa7 153->160 161 147fca-147fd9 call 1434b4 153->161 168 147fec-147ff1 call 141864 154->168 169 148009-148034 call 144b58 154->169 155->134 157->158 162 148144-148149 CertCloseStore 158->162 163 14814f-14815d call 1486c7 158->163 160->161 165 147fa9-147fb0 160->165 177 147ff6-147ffd 161->177 178 147fdb 161->178 162->163 170 147fb2-147fb7 165->170 171 147fb9-147fc6 call 142675 165->171 168->139 185 148036-14803b 169->185 186 14803d-14804a 169->186 170->148 171->168 184 147fc8 171->184 177->168 180 147fff-148004 call 141a02 177->180 178->148 180->139 184->148 188 14805f-14806c call 148f8e 185->188 189 14804c-14804f 186->189 190 14806e-148071 186->190 188->131 189->190 191 148051-148058 189->191 193 1480a5-1480ac 190->193 194 148073-148075 190->194 191->190 195 14805a 191->195 196 1480ae-1480b8 call 147934 193->196 197 1480ba-1480c1 193->197 199 148087-148091 call 146d37 194->199 200 148077-148085 call 14644e 194->200 195->188 196->131 196->197 202 1480c3-1480c6 call 146f07 197->202 203 1480cf-1480d6 197->203 199->131 213 148093-1480a4 call 148f8e 199->213 200->131 200->199 211 1480cb-1480cd 202->211 203->155 208 1480dc-1480e6 call 1473e5 203->208 208->131 208->155 211->131 211->203 213->193
                                    C-Code - Quality: 50%
                                    			E00147E7F(void* __ebx, void* __edx, void* __edi, void* __esi, char _a4, signed short** _a8) {
				signed int _v8;
				short _v28;
				short _v48;
				char _v52;
				signed int _v56;
				signed short** _v60;
				int _v80;
				signed int _t41;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t48;
				intOrPtr _t49;
				signed short* _t63;
				void* _t71;
				intOrPtr _t72;
				void* _t74;
				void* _t84;
				int _t85;
				int _t86;
				signed int _t87;
				signed char _t92;
				void* _t97;
				signed short** _t99;
				void* _t100;
				void* _t103;
				signed int _t105;

				_t97 = __edx;
				_t41 =  *0x14a078; // 0xa17bec03
				_v8 = _t41 ^ _t105;
				_v56 = _v56 | 0xffffffff;
				_t99 = _a8;
				_v52 = 0;
				__imp__HeapSetInformation(0, 1, 0, 0, __edi, __esi, __ebx);
				if(E001417F3() == 0) {
					L41:
					_push(0x1773);
					goto L42;
				} else {
					_t85 = 0xa;
					if(LoadStringW( *0x14a7f8, 0x17a2,  &_v48, _t85) == 0 || LoadStringW( *0x14a7f8, 0x17a3,  &_v28, _t85) == 0 || LoadStringA( *0x14a7f8, 0x1b58, "<NULL>", _t85) == 0 || LoadStringW( *0x14a7f8, 0x1b59, ?str?, _t85) == 0 || LoadStringW( *0x14a7f8, 0x1b5a, ?str?, _t85) == 0) {
						goto L41;
					} else {
						_t86 = 0x14;
						if(LoadStringW( *0x14a7f8, 0x1b5b, L"<UNKNOWN OID>", _t86) == 0) {
							goto L41;
						} else {
							if(_a4 != 1) {
								while(1) {
									_t20 =  &_a4;
									 *_t20 = _a4 - 1;
									if( *_t20 == 0) {
										break;
									}
									_t99 =  &(_t99[1]);
									_t63 =  *_t99;
									_t87 =  *_t63 & 0x0000ffff;
									_v60 = _t99;
									if(_t87 == _v48 || _t87 == _v28) {
										if(E001434B4( &_a4,  &_v60) == 0) {
											if( *0x14a830 != 1) {
												goto L20;
											} else {
												E00141A02();
											}
										} else {
											_t99 = _v60;
											continue;
										}
									} else {
										if( *0x14a83c != 0) {
											if(E00142675(0x14a84c, _t63) == 0) {
												L20:
												E00141864();
											} else {
												continue;
											}
										} else {
											 *0x14a83c = _t63;
											continue;
										}
									}
									goto L43;
								}
								if(E00143822() != 0) {
									_t71 = E00144B58( &_v52, _t87, _t97,  *0x14a83c,  *0x14a834,  *0x14a070,  *0x14a854,  *0x14a85c, 1,  &_v52); // executed
									if(_t71 != 0) {
										_t72 =  *0x14a820; // 0x0
										_t92 =  *0x14a7fc; // 0x2
										if(_t72 == 0 || (_t92 & 0x00000004) == 0 ||  *0x14a840 == 0) {
											if((_t92 & 0x00000001) == 0) {
												L35:
												if(( *0x14a7fc & 0x00000004) == 0 || E00147934(_t97, _v52) != 0) {
													if(( *0x14a7fc & 0x00000002) == 0) {
														L39:
														if(( *0x14a7fc & 0x00000008) == 0 || E001473E5(_t86, _t97, _v52) != 0) {
															goto L9;
														} else {
															goto L41;
														}
													} else {
														_t74 = E00146F07(_t86, _t97, _v52); // executed
														if(_t74 == 0) {
															goto L41;
														} else {
															goto L39;
														}
													}
												} else {
													goto L41;
												}
											} else {
												if(_t72 == 0 || E0014644E(_t97, _t72,  *0x14a800) != 0) {
													if(E00146D37(_t97, _v52) == 0) {
														goto L41;
													} else {
														_push(0x1c0b);
														_push( *0x14a7f8);
														E00148F8E();
														goto L35;
													}
												} else {
													goto L41;
												}
											}
										} else {
											_push(0x1c2b);
											goto L29;
										}
									} else {
										_push(0x17b0);
										L29:
										_push( *0x14a7f8);
										E00148F8E();
										goto L41;
									}
									goto L42;
								} else {
									goto L20;
								}
							} else {
								asm("stosd");
								asm("stosd");
								asm("stosd");
								asm("stosd");
								asm("stosd");
								_push( &_v80);
								_v80 = _t86;
								L0014931A();
								L9:
								_v56 = _v56 & 0x00000000;
								_push(0x1772);
								L42:
								_push( *0x14a7f8); // executed
								E00148F8E(); // executed
							}
						}
					}
				}
				L43:
				_t46 =  *0x14a854; // 0x0
				_pop(_t100);
				_pop(_t103);
				_pop(_t84);
				if(_t46 != 0) {
					E00148F35(_t46, _t46);
				}
				_t47 =  *0x14a864; // 0x0
				if(_t47 != 0) {
					E00148F35(_t47, _t47);
				}
				_t48 =  *0x14a814; // 0x0
				if(_t48 != 0) {
					E00148F35(_t48, _t48);
				}
				_t49 =  *0x14a820; // 0x0
				if(_t49 != 0) {
					__imp__CryptMsgClose(_t49);
				}
				if(_v52 != 0) {
					__imp__CertCloseStore(_v52, 0);
				}
				return E001486C7(_v56, _t84, _v8 ^ _t105, _t97, _t100, _t103);
			}





























                                    0x00147e7f
                                    0x00147e87
                                    0x00147e8e
                                    0x00147e91
                                    0x00147e98
                                    0x00147ea2
                                    0x00147ea5
                                    0x00147eb2
                                    0x001480ec
                                    0x001480ec
                                    0x00000000
                                    0x00147eb8
                                    0x00147ec0
                                    0x00147ed5
                                    0x00000000
                                    0x00147f4a
                                    0x00147f4c
                                    0x00147f62
                                    0x00000000
                                    0x00147f68
                                    0x00147f6c
                                    0x00147fde
                                    0x00147fde
                                    0x00147fde
                                    0x00147fe1
                                    0x00000000
                                    0x00000000
                                    0x00147f92
                                    0x00147f95
                                    0x00147f97
                                    0x00147f9a
                                    0x00147fa1
                                    0x00147fd9
                                    0x00147ffd
                                    0x00000000
                                    0x00147fff
                                    0x00147fff
                                    0x00147fff
                                    0x00147fdb
                                    0x00147fdb
                                    0x00000000
                                    0x00147fdb
                                    0x00147fa9
                                    0x00147fb0
                                    0x00147fc6
                                    0x00147fec
                                    0x00147fec
                                    0x00147fc8
                                    0x00000000
                                    0x00147fc8
                                    0x00147fb2
                                    0x00147fb2
                                    0x00000000
                                    0x00147fb2
                                    0x00147fb0
                                    0x00000000
                                    0x00147fa1
                                    0x00147fea
                                    0x0014802d
                                    0x00148034
                                    0x0014803d
                                    0x00148042
                                    0x0014804a
                                    0x00148071
                                    0x001480a5
                                    0x001480ac
                                    0x001480c1
                                    0x001480cf
                                    0x001480d6
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x001480c3
                                    0x001480c6
                                    0x001480cd
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x001480cd
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00148073
                                    0x00148075
                                    0x00148091
                                    0x00000000
                                    0x00148093
                                    0x00148093
                                    0x00148098
                                    0x0014809e
                                    0x00000000
                                    0x001480a4
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00148075
                                    0x0014805a
                                    0x0014805a
                                    0x00000000
                                    0x0014805a
                                    0x00148036
                                    0x00148036
                                    0x0014805f
                                    0x0014805f
                                    0x00148065
                                    0x00000000
                                    0x0014806b
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00147f6e
                                    0x00147f73
                                    0x00147f74
                                    0x00147f75
                                    0x00147f76
                                    0x00147f77
                                    0x00147f7b
                                    0x00147f7c
                                    0x00147f7f
                                    0x00147f84
                                    0x00147f84
                                    0x00147f88
                                    0x001480f1
                                    0x001480f1
                                    0x001480f7
                                    0x001480fd
                                    0x00147f6c
                                    0x00147f62
                                    0x00147ed5
                                    0x001480fe
                                    0x001480fe
                                    0x00148103
                                    0x00148104
                                    0x00148105
                                    0x00148108
                                    0x0014810b
                                    0x0014810b
                                    0x00148110
                                    0x00148117
                                    0x0014811a
                                    0x0014811a
                                    0x0014811f
                                    0x00148126
                                    0x00148129
                                    0x00148129
                                    0x0014812e
                                    0x00148135
                                    0x00148138
                                    0x00148138
                                    0x00148142
                                    0x00148149
                                    0x00148149
                                    0x0014815d

                                    APIs
                                    • HeapSetInformation.KERNEL32(00000000,00000001,00000000,00000000), ref: 00147EA5
                                      • Part of subcall function 001417F3: GetModuleHandleA.KERNEL32(00000000,00147EB0), ref: 001417F5
                                    • LoadStringW.USER32(000017A2,?,0000000A), ref: 00147ED1
                                    • LoadStringW.USER32(000017A3,?,0000000A), ref: 00147EEB
                                    • LoadStringA.USER32 ref: 00147F06
                                    • LoadStringW.USER32(00001B59,SHA1,0000000A), ref: 00147F25
                                    • LoadStringW.USER32(00001B5A,MD5,0000000A), ref: 00147F40
                                    • LoadStringW.USER32(00001B5B,<UNKNOWN OID>,00000014), ref: 00147F5E
                                    • CryptUIDlgCertMgr.CRYPTUI(?), ref: 00147F7F
                                    • CryptMsgClose.CRYPT32(00000000), ref: 00148138
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00148149
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString$CertCloseCrypt$HandleHeapInformationModuleStore
                                    • String ID: <NULL>$<UNKNOWN OID>$MD5$SHA1
                                    • API String ID: 215360622-1563267417
                                    • Opcode ID: 4506e9fba9d04c4d8bc00b5502a7263c6019107339d3d635408ba3181d952364
                                    • Instruction ID: ab3f01eb77cbf21aa02ff9f1375ece747753594328402ad0b6d30ee41bd584b7
                                    • Opcode Fuzzy Hash: 4506e9fba9d04c4d8bc00b5502a7263c6019107339d3d635408ba3181d952364
                                    • Instruction Fuzzy Hash: B271B274654206EAEB206B60ED41FAE3BBDEF05752F554025F910A20F1DF72DCC9CA22
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00148A1F, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 393 148a1f-148a2c SetUnhandledExceptionFilter
                                    C-Code - Quality: 100%
                                    			E00148A1F() {

				SetUnhandledExceptionFilter(E001489D7); // executed
				return 0;
			}



                                    0x00148a24
                                    0x00148a2c

                                    APIs
                                    • SetUnhandledExceptionFilter.KERNELBASE(Function_000089D7), ref: 00148A24
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterUnhandled
                                    • String ID:
                                    • API String ID: 3192549508-0
                                    • Opcode ID: ba3c5a1e6f90eb03d56051e2119082b9546ff84a90983c49576622ed86b9e198
                                    • Instruction ID: 6c073b3283b05732f8195c17aef5dafdbbf07104321ae896d36fa455d3cb553a
                                    • Opcode Fuzzy Hash: ba3c5a1e6f90eb03d56051e2119082b9546ff84a90983c49576622ed86b9e198
                                    • Instruction Fuzzy Hash: 8A900264251640668B001BB1DD0969A25D05B9971674144527602D5474DF5040C15516
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00146F07, Relevance: 33.4, APIs: 22, Instructions: 395encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 0 146f07-146f3e 1 146f44-146f4b 0->1 2 1473c6-1473d8 call 148f8e 0->2 1->2 4 146f51-146f67 CertOpenStore 1->4 11 1473da-1473dd 2->11 5 146f75-146f80 4->5 6 146f69-146f70 4->6 9 146f86-146f8c 5->9 10 147010-147017 5->10 8 1473b1-1473c0 call 148f8e 6->8 33 1473c1-1473c4 8->33 12 146fa7-146fae 9->12 13 146f8e-146f99 call 141dc3 9->13 15 14701d-147023 10->15 16 14713f-147146 10->16 19 146fb4-146fd9 CertFindCertificateInStore 12->19 20 147048-14704f 12->20 13->10 46 146f9b-146fa2 13->46 21 1470e3-1470ea 15->21 22 147029-147036 call 141dc3 15->22 23 147240-147246 16->23 24 14714c-147152 16->24 36 146fe7-146ff6 CertAddCertificateContextToStore 19->36 37 146fdb-146fe2 19->37 28 147070-147079 20->28 29 147051-147059 20->29 31 147177-147187 call 142100 21->31 32 1470f0-14710a call 141cd9 21->32 22->16 52 14703c-147043 22->52 34 1472c3-1472c9 23->34 35 147248-147252 call 141a5b 23->35 26 1471dd-1471e4 24->26 27 147158-147165 call 141dc3 24->27 44 1471e6-14720b CertFindCTLInStore 26->44 45 147260-147270 call 1421ed 26->45 27->23 66 14716b-147172 27->66 40 14705a-147062 call 141fb6 28->40 29->40 68 147195-147199 31->68 69 147189-147190 31->69 78 14710c-147113 32->78 79 147118-147127 CertAddCRLContextToStore 32->79 33->11 42 1472e0-1472e3 call 144da0 34->42 43 1472cb-1472d5 call 141c45 34->43 35->34 80 147254-14725b 35->80 50 147004-14700d CertFreeCertificateContext 36->50 51 146ff8-146fff 36->51 49 1472f3-1472f6 37->49 82 147064-14706b 40->82 83 14707b-147080 40->83 71 1472e8-1472ea 42->71 43->42 86 1472d7-1472de 43->86 58 14720d-147214 44->58 59 147219-147228 CertAddCRLContextToStore 44->59 96 147272-147279 45->96 97 14727e-147282 45->97 62 1473a1-1473af CertCloseStore 46->62 60 14731d-147328 49->60 61 1472f8-147301 CertFreeCertificateContext 49->61 50->10 51->49 52->60 72 147312-147314 58->72 74 147236-14723d CertFreeCRLContext 59->74 75 14722a-147231 59->75 76 14734d-147352 60->76 77 14732a-147330 60->77 73 147304-147306 61->73 62->8 62->33 66->60 84 1471bc 68->84 85 14719b-1471a1 68->85 69->60 71->60 87 1472ec 71->87 72->60 89 147316-147317 CertFreeCRLContext 72->89 73->60 88 147308-14730f CertFreeCRLContext 73->88 74->23 75->72 94 147354-14735a 76->94 95 147377-14737c 76->95 90 147332-147347 CertFreeCertificateContext 77->90 91 147349-14734c free 77->91 78->73 92 147135-14713c CertFreeCRLContext 79->92 93 147129-147130 79->93 80->60 82->60 102 147096-147099 83->102 103 147082-147088 83->103 84->16 104 1471be-1471d0 call 146b9f 84->104 101 1471a3-1471ae CertAddCRLContextToStore 85->101 86->60 87->49 88->72 89->60 90->90 90->91 91->76 92->16 93->73 105 147373-147376 free 94->105 106 14735c-147371 CertFreeCRLContext 94->106 95->62 98 14737e-147384 95->98 96->60 99 147284-14728a 97->99 100 1472a2 97->100 107 147386-14739b CertFreeCRLContext 98->107 108 14739d-1473a0 free 98->108 109 14728c-147297 CertAddCRLContextToStore 99->109 100->23 110 1472a4-1472b6 call 146c6b 100->110 101->16 111 1471b0-1471b7 101->111 113 1470c0 102->113 114 14709b-1470a1 102->114 103->10 112 14708a-147091 103->112 104->111 123 1471d2-1471db 104->123 105->95 106->105 106->106 107->107 107->108 108->62 109->23 116 147299-1472a0 109->116 110->116 125 1472b8-1472c1 110->125 111->60 112->60 113->10 120 1470c6-1470d6 call 1466c9 113->120 118 1470a3-1470ae CertAddCertificateContextToStore 114->118 116->60 118->10 122 1470b4-1470bb 118->122 120->122 127 1470d8-1470e1 120->127 122->60 123->101 125->109 127->118
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 00146F5C
                                    • CertCloseStore.CRYPT32(?,00000000), ref: 001473A5
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertStore$CloseOpen
                                    • String ID:
                                    • API String ID: 2191479384-0
                                    • Opcode ID: 9134cf053bd6b1f3fc3e11e90ab096e1730fcf0cd360334b465635567ac3be6e
                                    • Instruction ID: e9faeb4a7193cb504baa8479163019a3e70ad0daa63535212bcd77e35e7cb7dc
                                    • Opcode Fuzzy Hash: 9134cf053bd6b1f3fc3e11e90ab096e1730fcf0cd360334b465635567ac3be6e
                                    • Instruction Fuzzy Hash: 64E148B4D08209EBDB219F95ED84EEEBBB9FF46700F204456F901A31B0D7755A80EB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00144B58, Relevance: 18.2, APIs: 12, Instructions: 190encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 217 144b58-144b70 218 144b76-144b79 217->218 219 144d92 217->219 218->219 221 144b7f-144b83 218->221 220 144d94-144d98 219->220 222 144b85-144b8f 221->222 223 144b9f-144ba2 221->223 224 144b92 CertOpenStore 222->224 225 144c04-144c0d call 1425ea 223->225 226 144ba4-144ba8 223->226 228 144b98-144b9a 224->228 234 144c33-144c3d call 1424d4 225->234 235 144c0f-144c15 225->235 229 144bf6-144c02 226->229 230 144baa-144bc8 CertOpenStore 226->230 232 144d84-144d86 228->232 229->224 230->219 233 144bce-144bd5 230->233 232->219 236 144d88-144d90 232->236 233->232 237 144bdb-144bf4 CertCloseStore CertOpenStore 233->237 242 144c63-144c64 call 14255f 234->242 243 144c3f-144c45 234->243 238 144c27-144c2e 235->238 239 144c17-144c21 235->239 236->220 237->228 238->232 239->232 239->238 247 144c69-144c6d 242->247 244 144c57-144c5e 243->244 245 144c47-144c51 243->245 244->232 245->232 245->244 248 144c93-144caa CertOpenStore 247->248 249 144c6f-144c75 247->249 248->236 252 144cb0-144cbc call 143c7e 248->252 250 144c87-144c8e 249->250 251 144c77-144c81 249->251 250->232 251->232 251->250 252->236 255 144cc2-144cd4 call 142445 252->255 258 144d77-144d7a 255->258 259 144cda-144cf7 CertOpenStore 255->259 258->232 260 144d7c-144d7f call 148f35 258->260 259->258 261 144cf9-144d11 CertAddEncodedCTLToStore 259->261 260->232 261->258 263 144d13-144d2b CertAddEncodedCRLToStore 261->263 263->258 264 144d2d-144d45 CertAddEncodedCertificateToStore 263->264 264->258 265 144d47-144d63 CertCloseStore CertOpenStore 264->265 265->258 266 144d65-144d75 CertOpenStore 265->266 266->258
                                    APIs
                                    • CertOpenStore.CRYPT32(0000000A,00000000,?,?), ref: 00144B92
                                    • CertOpenStore.CRYPT32(0000000A,00000000,?,?), ref: 00144BC2
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00144BDD
                                    • CertOpenStore.CRYPT32(0000000A,00000000,?,?), ref: 00144BF2
                                    • CertOpenStore.CRYPT32(00000008,00000000,00000000,?), ref: 00144CA4
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 00144CF1
                                    • CertAddEncodedCTLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00144D09
                                    • CertAddEncodedCRLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00144D23
                                    • CertAddEncodedCertificateToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00144D3D
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00144D49
                                    • CertOpenStore.CRYPT32(00000005,00000000,00000000,?), ref: 00144D5D
                                    • CertOpenStore.CRYPT32(00000006,00000000,00000000,?), ref: 00144D73
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertStore$Open$Encoded$Close$Certificate
                                    • String ID:
                                    • API String ID: 2200726460-0
                                    • Opcode ID: 416c04acd18417e58c9e98d879c8e79cdfa329055f858cad54983af643aa22a1
                                    • Instruction ID: 7436231e7ed1341312dae265cc0c6f32754446f5ff0623706bd4386993fc8194
                                    • Opcode Fuzzy Hash: 416c04acd18417e58c9e98d879c8e79cdfa329055f858cad54983af643aa22a1
                                    • Instruction Fuzzy Hash: 6651C139840254FBDB22AFA5CC44FAEBAB8FB9A744F564615F618A2030D33149C1DB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00141DC3, Relevance: 13.6, APIs: 9, Instructions: 91encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 267 141dc3-141de2 268 141de4-141deb 267->268 269 141e0a-141e0e 267->269 270 141dff-141e08 CertEnumCertificatesInStore 268->270 271 141e10-141e17 269->271 272 141e3b-141e3f 269->272 270->269 273 141ded-141dfc CertAddCertificateContextToStore 270->273 274 141e2f-141e39 CertEnumCTLsInStore 271->274 275 141e75 272->275 276 141e41-141e4c 272->276 278 141e7c-141e7e 273->278 279 141dfe 273->279 274->272 280 141e19-141e2a CertAddCRLContextToStore 274->280 275->278 277 141e68-141e73 CertGetCRLFromStore 276->277 277->275 281 141e4e-141e5f CertAddCRLContextToStore 277->281 282 141e87-141e8a 278->282 283 141e80-141e81 CertFreeCertificateContext 278->283 279->270 280->278 284 141e2c 280->284 281->278 285 141e61-141e65 281->285 286 141e95-141e9b 282->286 287 141e8c-141e8f CertFreeCRLContext 282->287 283->282 284->274 285->277 288 141ea6-141eaa 286->288 289 141e9d-141ea0 CertFreeCRLContext 286->289 287->286 289->288
                                    APIs
                                    • CertAddCertificateContextToStore.CRYPT32(?,00000000,00000003,00000000), ref: 00141DF4
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00141E02
                                    • CertAddCRLContextToStore.CRYPT32(?,?,00000003,00000000), ref: 00141E22
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00141E32
                                    • CertAddCRLContextToStore.CRYPT32(?,?,00000003,00000000), ref: 00141E57
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00141E6C
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00141E81
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00141E8F
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00141EA0
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextStore$Free$CertificateEnum$CertificatesFrom
                                    • String ID:
                                    • API String ID: 121226512-0
                                    • Opcode ID: 815c722236bd3a740c2a4eebd193ff7f8dab176633d2520351d5438aad10fb5b
                                    • Instruction ID: 5291d91069ab4eafc7305bb6ff8f98d23af492d2ce91764f8b2a58c335f1b91f
                                    • Opcode Fuzzy Hash: 815c722236bd3a740c2a4eebd193ff7f8dab176633d2520351d5438aad10fb5b
                                    • Instruction Fuzzy Hash: EA31087990026DFBDB229FA1DC48AEEBFB9EF05790F144065F915A2070C7B18AD1DB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00149087, Relevance: 9.1, APIs: 6, Instructions: 96fileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 290 149087-1490a2 291 149181 290->291 292 1490a8-1490ad 290->292 294 149186-14918a 291->294 292->291 293 1490b3-1490b6 292->293 293->291 295 1490bc-1490c1 293->295 295->291 296 1490c7-1490eb call 149349 295->296 299 149106-149117 GetFileSize 296->299 300 1490ed-1490f5 GetLastError 296->300 299->300 301 149119-14911c 299->301 302 1490f7-1490fc 300->302 303 149101-149104 300->303 305 149127-14913a CreateFileMappingA 301->305 306 14911e-149125 301->306 302->303 304 149158-14915b 303->304 307 14915d-149162 304->307 309 14916e-149171 304->309 305->300 308 14913c-14914c MapViewOfFile 305->308 306->307 307->309 311 149164-14916b CloseHandle 307->311 308->300 310 14914e-149156 308->310 312 149173-149176 FindCloseChangeNotification 309->312 313 14917c-14917f 309->313 310->304 311->309 312->313 313->294
                                    C-Code - Quality: 85%
                                    			E00149087(long _a4, void* _a8, void** _a12, void** _a16) {
				long _v8;
				long _v12;
				long _v16;
				void* _t22;
				long _t24;
				signed int _t25;
				void* _t28;
				void* _t31;
				void* _t32;
				void** _t33;
				void** _t38;

				_t22 = _a8;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				if(_t22 == 0) {
					L20:
					return 0x80070057;
				}
				_t33 = _a12;
				if(_t33 == 0 || _a4 == 0) {
					goto L20;
				} else {
					_t38 = _a16;
					if(_t38 == 0) {
						goto L20;
					}
					_push(0);
					_push(0x80);
					_push(3);
					_push(0);
					_push(1);
					_push(0x80000000);
					_push(_a4);
					 *_t33 = 0;
					 *_t22 = 0;
					 *_t38 =  *_t38 | 0xffffffff; // executed
					E00149349(); // executed
					 *_t38 = _t22;
					if(_t22 != 0xffffffff) {
						_t24 = GetFileSize(_t22,  &_v16);
						_a4 = _t24;
						if(_t24 == 0xffffffff) {
							goto L5;
						}
						if(_v16 == 0) {
							_t31 = CreateFileMappingA( *_t38, 0, 2, 0, 0, 0); // executed
							_v12 = _t31;
							if(_t31 == 0) {
								goto L5;
							}
							_t32 = MapViewOfFile(_t31, 4, 0, 0, _a4); // executed
							if(_t32 == 0) {
								goto L5;
							}
							 *_a8 = _a4;
							 *_t33 = _t32;
							L14:
							if(_v8 == 0) {
								L17:
								if(_v12 != 0) {
									FindCloseChangeNotification(_v12); // executed
								}
								return _v8;
							}
							L15:
							_t28 =  *_t38;
							if(_t28 != 0xffffffff) {
								CloseHandle(_t28);
								 *_t38 =  *_t38 | 0xffffffff;
							}
							goto L17;
						}
						_v8 = 0x80004005;
						goto L15;
					}
					L5:
					_t25 = GetLastError();
					if(_t25 > 0) {
						_t25 = _t25 & 0x0000ffff | 0x80070000;
					}
					_v8 = _t25;
					goto L14;
				}
			}














                                    0x0014908f
                                    0x00149097
                                    0x0014909a
                                    0x0014909d
                                    0x001490a2
                                    0x00149181
                                    0x00000000
                                    0x00149181
                                    0x001490a8
                                    0x001490ad
                                    0x00000000
                                    0x001490bc
                                    0x001490bc
                                    0x001490c1
                                    0x00000000
                                    0x00000000
                                    0x001490c7
                                    0x001490c8
                                    0x001490cd
                                    0x001490cf
                                    0x001490d0
                                    0x001490d2
                                    0x001490d7
                                    0x001490da
                                    0x001490dc
                                    0x001490de
                                    0x001490e1
                                    0x001490e6
                                    0x001490eb
                                    0x0014910b
                                    0x00149111
                                    0x00149117
                                    0x00000000
                                    0x00000000
                                    0x0014911c
                                    0x0014912f
                                    0x00149135
                                    0x0014913a
                                    0x00000000
                                    0x00000000
                                    0x00149144
                                    0x0014914c
                                    0x00000000
                                    0x00000000
                                    0x00149154
                                    0x00149156
                                    0x00149158
                                    0x0014915b
                                    0x0014916e
                                    0x00149171
                                    0x00149176
                                    0x00149176
                                    0x00000000
                                    0x0014917c
                                    0x0014915d
                                    0x0014915d
                                    0x00149162
                                    0x00149165
                                    0x0014916b
                                    0x0014916b
                                    0x00000000
                                    0x00149162
                                    0x0014911e
                                    0x00000000
                                    0x0014911e
                                    0x001490ed
                                    0x001490ed
                                    0x001490f5
                                    0x001490fc
                                    0x001490fc
                                    0x00149101
                                    0x00000000
                                    0x00149101

                                    APIs
                                    • GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 001490ED
                                    • GetFileSize.KERNEL32(00000000,?,000000FF,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,?,?,000000FF), ref: 0014910B
                                    • CreateFileMappingA.KERNEL32 ref: 0014912F
                                    • MapViewOfFile.KERNELBASE(00000000,00000004,00000000,00000000,000000FF,?,00000000,?,?,000000FF), ref: 00149144
                                    • CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 00149165
                                    • FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 00149176
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: File$Close$ChangeCreateErrorFindHandleLastMappingNotificationSizeView
                                    • String ID:
                                    • API String ID: 2370202277-0
                                    • Opcode ID: 9ae7faf3ba9ca69cc1fab44c1bcd9bee5b8f0b33b41a1f112a4368d0430e5124
                                    • Instruction ID: 0a0be6d7f240c4bf72ba6e46e2e815df992498690e8e45b285da9a773a06b7c9
                                    • Opcode Fuzzy Hash: 9ae7faf3ba9ca69cc1fab44c1bcd9bee5b8f0b33b41a1f112a4368d0430e5124
                                    • Instruction Fuzzy Hash: 09314D75900205FBCB219F69CC8DD9FBBB9EB81B70F248659F565EA2B0D3318980DB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0014255F, Relevance: 7.6, APIs: 5, Instructions: 56encryptionfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 327 14255f-142579 call 149087 329 14257e-142580 327->329 330 142586-14259a CertOpenStore 329->330 331 142582-142584 329->331 333 1425c0-1425c3 330->333 334 14259c-1425b4 CertAddEncodedCertificateToStore 330->334 332 1425e1-1425e2 331->332 335 1425c5-1425c8 UnmapViewOfFile 333->335 336 1425ce-1425d2 333->336 334->333 337 1425b6-1425be CertCloseStore 334->337 335->336 338 1425d4-1425d7 CloseHandle 336->338 339 1425dd-1425e0 336->339 337->333 338->339 339->332
                                    C-Code - Quality: 37%
                                    			E0014255F(void* __ecx, void* _a4) {
				signed int _v8;
				char _v12;
				void* _t16;
				void* _t22;
				void* _t23;
				void* _t25;

				_v8 = _v8 | 0xffffffff;
				_t16 = E00149087(_a4,  &_v12,  &_a4,  &_v8); // executed
				if(_t16 == 0) {
					__imp__CertOpenStore(2, 0, 0, 0, 0, _t22, _t25);
					_t23 = _t16;
					if(_t23 != 0) {
						__imp__CertAddEncodedCertificateToStore(_t23,  *0x14a06c, _a4, _v12, 4, 0);
						if(_t16 == 0) {
							__imp__CertCloseStore(_t23, 0);
							_t23 = 0;
						}
					}
					if(_a4 != 0) {
						UnmapViewOfFile(_a4);
					}
					if(_v8 != 0xffffffff) {
						CloseHandle(_v8);
					}
					return _t23;
				}
				return 0;
			}









                                    0x00142566
                                    0x00142579
                                    0x00142580
                                    0x00142590
                                    0x00142596
                                    0x0014259a
                                    0x001425ac
                                    0x001425b4
                                    0x001425b8
                                    0x001425be
                                    0x001425be
                                    0x001425b4
                                    0x001425c3
                                    0x001425c8
                                    0x001425c8
                                    0x001425d2
                                    0x001425d7
                                    0x001425d7
                                    0x00000000
                                    0x001425e0
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00149087: GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 001490ED
                                      • Part of subcall function 00149087: CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 00149165
                                      • Part of subcall function 00149087: FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 00149176
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 00142590
                                    • CertAddEncodedCertificateToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 001425AC
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 001425B8
                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,000000FF), ref: 001425C8
                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,000000FF), ref: 001425D7
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Close$CertStore$Handle$CertificateChangeEncodedErrorFileFindLastNotificationOpenUnmapView
                                    • String ID:
                                    • API String ID: 780097858-0
                                    • Opcode ID: 6b80305a610a14666efa3fb44c8c9e2aed72abcaa2c98614d999d31c4014e9f6
                                    • Instruction ID: 82ff6f4cf277f8ba0dd6cafff117a3d132d52fd85b656e4f273c737709cf31be
                                    • Opcode Fuzzy Hash: 6b80305a610a14666efa3fb44c8c9e2aed72abcaa2c98614d999d31c4014e9f6
                                    • Instruction Fuzzy Hash: 0D01003A101118FBDB215B62DC09DDF7E7DEF867A1B504225FA19D60B0E7308AD2DAB0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001424D4, Relevance: 7.6, APIs: 5, Instructions: 56encryptionfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 314 1424d4-1424f5 call 149087 317 1424f7-1424f9 314->317 318 1424fb-14250f CertOpenStore 314->318 319 142556-142557 317->319 320 142535-142538 318->320 321 142511-142529 CertAddEncodedCRLToStore 318->321 323 142543-142547 320->323 324 14253a-14253d UnmapViewOfFile 320->324 321->320 322 14252b-142533 CertCloseStore 321->322 322->320 325 142552-142555 323->325 326 142549-14254c CloseHandle 323->326 324->323 325->319 326->325
                                    C-Code - Quality: 37%
                                    			E001424D4(void* __ecx, void* _a4) {
				signed int _v8;
				char _v12;
				void* _t16;
				void* _t22;
				void* _t23;
				void* _t25;

				_v8 = _v8 | 0xffffffff;
				_t16 = E00149087(_a4,  &_v12,  &_a4,  &_v8); // executed
				if(_t16 == 0) {
					__imp__CertOpenStore(2, 0, 0, 0, 0, _t22, _t25);
					_t23 = _t16;
					if(_t23 != 0) {
						__imp__CertAddEncodedCRLToStore(_t23,  *0x14a064, _a4, _v12, 4, 0); // executed
						if(_t16 == 0) {
							__imp__CertCloseStore(_t23, 0);
							_t23 = 0;
						}
					}
					if(_a4 != 0) {
						UnmapViewOfFile(_a4);
					}
					if(_v8 != 0xffffffff) {
						CloseHandle(_v8);
					}
					return _t23;
				}
				return 0;
			}









                                    0x001424db
                                    0x001424ee
                                    0x001424f5
                                    0x00142505
                                    0x0014250b
                                    0x0014250f
                                    0x00142521
                                    0x00142529
                                    0x0014252d
                                    0x00142533
                                    0x00142533
                                    0x00142529
                                    0x00142538
                                    0x0014253d
                                    0x0014253d
                                    0x00142547
                                    0x0014254c
                                    0x0014254c
                                    0x00000000
                                    0x00142555
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00149087: GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 001490ED
                                      • Part of subcall function 00149087: CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 00149165
                                      • Part of subcall function 00149087: FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 00149176
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 00142505
                                    • CertAddEncodedCRLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00142521
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 0014252D
                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,000000FF), ref: 0014253D
                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,000000FF), ref: 0014254C
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Close$CertStore$Handle$ChangeEncodedErrorFileFindLastNotificationOpenUnmapView
                                    • String ID:
                                    • API String ID: 3658566462-0
                                    • Opcode ID: 094c863fe7586774c91399f9b73cfd6b209b38017e9c76db64937d285b09fba4
                                    • Instruction ID: 0d139fe579f624d711bece2b9a15038fafc07968e74962cfecf3beba75730718
                                    • Opcode Fuzzy Hash: 094c863fe7586774c91399f9b73cfd6b209b38017e9c76db64937d285b09fba4
                                    • Instruction Fuzzy Hash: AD012D3A101118BBCB219F66DC0CDDFBE6DEF8A7E0B544125FA19D6070D7308AC2DAA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001425EA, Relevance: 7.6, APIs: 5, Instructions: 56encryptionfileCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 340 1425ea-14260b call 149087 343 142611-142625 CertOpenStore 340->343 344 14260d-14260f 340->344 346 142627-14263f CertAddEncodedCTLToStore 343->346 347 14264b-14264e 343->347 345 14266c-14266d 344->345 346->347 348 142641-142649 CertCloseStore 346->348 349 142650-142653 UnmapViewOfFile 347->349 350 142659-14265d 347->350 348->347 349->350 351 14265f-142662 CloseHandle 350->351 352 142668-14266b 350->352 351->352 352->345
                                    C-Code - Quality: 37%
                                    			E001425EA(void* __ecx, void* _a4) {
				signed int _v8;
				char _v12;
				void* _t16;
				void* _t22;
				void* _t23;
				void* _t25;

				_v8 = _v8 | 0xffffffff;
				_t16 = E00149087(_a4,  &_v12,  &_a4,  &_v8); // executed
				if(_t16 == 0) {
					__imp__CertOpenStore(2, 0, 0, 0, 0, _t22, _t25);
					_t23 = _t16;
					if(_t23 != 0) {
						__imp__CertAddEncodedCTLToStore(_t23,  *0x14a06c, _a4, _v12, 4, 0);
						if(_t16 == 0) {
							__imp__CertCloseStore(_t23, 0);
							_t23 = 0;
						}
					}
					if(_a4 != 0) {
						UnmapViewOfFile(_a4);
					}
					if(_v8 != 0xffffffff) {
						CloseHandle(_v8);
					}
					return _t23;
				}
				return 0;
			}









                                    0x001425f1
                                    0x00142604
                                    0x0014260b
                                    0x0014261b
                                    0x00142621
                                    0x00142625
                                    0x00142637
                                    0x0014263f
                                    0x00142643
                                    0x00142649
                                    0x00142649
                                    0x0014263f
                                    0x0014264e
                                    0x00142653
                                    0x00142653
                                    0x0014265d
                                    0x00142662
                                    0x00142662
                                    0x00000000
                                    0x0014266b
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00149087: GetLastError.KERNEL32(?,00000000,?,?,000000FF), ref: 001490ED
                                      • Part of subcall function 00149087: CloseHandle.KERNEL32(00000000,?,00000000,?,?,000000FF), ref: 00149165
                                      • Part of subcall function 00149087: FindCloseChangeNotification.KERNELBASE(000000FF,?,00000000,?,?,000000FF), ref: 00149176
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000,00000000), ref: 0014261B
                                    • CertAddEncodedCTLToStore.CRYPT32(00000000,?,?,00000004,00000000), ref: 00142637
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00142643
                                    • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,000000FF), ref: 00142653
                                    • CloseHandle.KERNEL32(000000FF,?,?,?,?,?,000000FF), ref: 00142662
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Close$CertStore$Handle$ChangeEncodedErrorFileFindLastNotificationOpenUnmapView
                                    • String ID:
                                    • API String ID: 3658566462-0
                                    • Opcode ID: 6b2340674e272797a0faf91e32befd89d0a96d8a621f63149c37cbd17643aaea
                                    • Instruction ID: a20799cbaef2ebf4dc88f5af15715c3ff04a2ed3bf16e2e9714593bb0b84da23
                                    • Opcode Fuzzy Hash: 6b2340674e272797a0faf91e32befd89d0a96d8a621f63149c37cbd17643aaea
                                    • Instruction Fuzzy Hash: FD012D3A501118BBCB219B62DD08DDF7E6DEF867A1F514125FA1992070D7308AD1DAA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00148F8E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 353 148f8e-148fba LoadStringW vwprintf
                                    C-Code - Quality: 100%
                                    			E00148F8E(struct HINSTANCE__* _a4, int _a8, void _a12) {
				int _t6;

				LoadStringW(_a4, _a8, 0x14acd8,  *0x14a390);
				_t6 = vwprintf(0x14acd8,  &_a12); // executed
				return _t6;
			}




                                    0x00148fa6
                                    0x00148fb1
                                    0x00148fba

                                    APIs
                                    • LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                    • vwprintf.MSVCRT ref: 00148FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadStringvwprintf
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 1051060134-2974366063
                                    • Opcode ID: e18f61abfa8dba87ec8cd52a5c69b11d0b1a59f0220a3aae3848d70fd23fdf7a
                                    • Instruction ID: 2c65b5a6a4da8f193c12e7f5220c59742842bfeaab0daf910f18791bb9724697
                                    • Opcode Fuzzy Hash: e18f61abfa8dba87ec8cd52a5c69b11d0b1a59f0220a3aae3848d70fd23fdf7a
                                    • Instruction Fuzzy Hash: A7D05E360482187B9B111F51EC09CDB3F5DFF432707054021F91C426309B32995197D5
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00144DA0, Relevance: 4.6, APIs: 3, Instructions: 113encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 354 144da0-144db9 355 144dd4-144dda 354->355 356 144dbb-144dcf call 148f8e 354->356 358 144de0-144de6 355->358 359 144e7b-144e81 355->359 364 144ef4-144ef8 356->364 361 144dec-144df3 358->361 362 144e9a-144ead 358->362 359->362 363 144e83-144e98 359->363 365 144df5-144dfc 361->365 366 144dfe-144e21 call 144b58 361->366 367 144eb3-144ebd CertOpenStore 362->367 363->367 365->366 368 144e37-144e48 365->368 366->368 380 144e23-144e2e call 141dc3 366->380 370 144ed3-144ed7 call 141dc3 367->370 371 144ebf-144ed1 call 148f8e 367->371 373 144e4c-144e5d CertSaveStore 368->373 374 144e4a 368->374 378 144edc 370->378 381 144ef1 371->381 379 144e63-144e65 373->379 374->373 378->379 382 144e67 379->382 383 144ede 379->383 380->368 388 144e30-144e35 380->388 381->364 387 144e6c-144e79 call 148f8e 382->387 386 144ee5-144ee7 383->386 386->381 389 144ee9-144eeb CertCloseStore 386->389 387->386 388->387 389->381
                                    APIs
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00144EEB
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertCloseLoadStoreStringvwprintf
                                    • String ID:
                                    • API String ID: 3929983701-0
                                    • Opcode ID: e2718655c4c4b09ef53a715129d8766d242da961ee0a8b17663e80a7ed928c3d
                                    • Instruction ID: 126311450a5c8d360befcf2a7dc3c94e287e9eb78ff84fbdda0dfe53beeed740
                                    • Opcode Fuzzy Hash: e2718655c4c4b09ef53a715129d8766d242da961ee0a8b17663e80a7ed928c3d
                                    • Instruction Fuzzy Hash: 2C310379584201FBEB364B51ED05E5B3AF9FB92B52F620129F204628B0E73A08C1DB52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00148436, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 392 148436-148468 __wgetmainargs
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: __wgetmainargs
                                    • String ID:
                                    • API String ID: 1709950718-0
                                    • Opcode ID: 4fc7fcf0071a4ddc69dc41c3459d48b26aa285c38e69938463f5fa9b13a7f532
                                    • Instruction ID: 3d902ac617023295166c54e9447bd7f1e0d3de3f375e097d3fd13f7e27eb9931
                                    • Opcode Fuzzy Hash: 4fc7fcf0071a4ddc69dc41c3459d48b26aa285c38e69938463f5fa9b13a7f532
                                    • Instruction Fuzzy Hash: 3AD0C9B86E2341BFCB029B54EC028113B64AF42B0C3C39019B50852B71D37010D0CF13
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Non-executed Functions

                                    Function 001457BD, Relevance: 59.9, APIs: 2, Strings: 32, Instructions: 441COMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 429 1457bd-1457cc 430 1457d2-1457e0 429->430 431 145ccc-145ccd 429->431 432 1457e3-1457ea 430->432 433 1457f3-145861 printf call 148f8e printf call 143272 call 148f8e call 148fc0 432->433 434 1457ec 432->434 443 145873-145882 call 1432a1 433->443 444 145863-14586e call 1428a5 433->444 434->433 448 145cb7-145cc3 443->448 449 145888-145894 443->449 444->443 448->432 452 145cc9-145ccb 448->452 450 145896-1458a4 call 144881 449->450 451 1458a9-1458ba 449->451 450->448 454 1458bc-1458ca call 1454fa 451->454 455 1458cf-1458dd 451->455 452->431 454->448 458 1458f2-145900 455->458 459 1458df-1458ed call 14530c 455->459 462 145902-145915 call 143228 458->462 463 14591a-145928 458->463 459->448 462->448 464 14593d-14594b 463->464 465 14592a-145938 call 1446f7 463->465 470 14595d-14596b 464->470 471 14594d-14595b 464->471 465->448 474 14597d-14598b 470->474 475 14596d-14597b 470->475 473 1459db-1459e0 call 1455e2 471->473 473->448 477 14599d-1459ab 474->477 478 14598d-14599b 474->478 475->473 480 1459bd-1459cb 477->480 481 1459ad-1459bb 477->481 478->473 482 1459e5-1459f3 480->482 483 1459cd-1459d6 480->483 481->473 484 1459f5-145a03 call 142f08 482->484 485 145a08-145a16 482->485 483->473 484->448 487 145a18-145a26 call 1445c9 485->487 488 145a2b-145a39 485->488 487->448 491 145a4e-145a5c 488->491 492 145a3b-145a49 call 144571 488->492 495 145a71-145a7f 491->495 496 145a5e-145a6c call 142d86 491->496 492->448 498 145a81-145a94 call 142c72 495->498 499 145a99-145aa7 495->499 496->448 498->448 503 145abc-145aca 499->503 504 145aa9-145ab7 call 14516d 499->504 507 145acc-145ada call 142b61 503->507 508 145adf-145aed 503->508 504->448 507->448 511 145b02-145b10 508->511 512 145aef-145afd call 142bfa 508->512 514 145b25-145b33 511->514 515 145b12-145b20 call 142a90 511->515 512->448 519 145b35-145b43 call 142a6e 514->519 520 145b48-145b56 514->520 515->448 519->448 523 145b58-145b66 call 1444a1 520->523 524 145b6b-145b79 520->524 523->448 527 145b8e-145b9c 524->527 528 145b7b-145b89 call 142ff4 524->528 530 145bb6-145bc4 527->530 531 145b9e-145bb1 call 143155 527->531 528->448 535 145bc6-145bd4 530->535 536 145bd9-145be7 530->536 531->448 538 145c9a-145c9f call 1430d1 535->538 539 145bfc-145c0a 536->539 540 145be9-145bf7 536->540 538->448 542 145c1c-145c2a 539->542 543 145c0c-145c1a 539->543 540->538 545 145c3c-145c4a 542->545 546 145c2c-145c3a 542->546 543->538 547 145c5c-145c6a 545->547 548 145c4c-145c5a 545->548 546->538 549 145c7c-145c8a 547->549 550 145c6c-145c7a 547->550 548->538 551 145ca1-145ca5 549->551 552 145c8c-145c95 549->552 550->538 551->448 553 145ca7-145cb2 call 1428a5 551->553 552->538 553->448
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf
                                    • String ID: $1.2.840.113549.1.9.15$1.3.6.1.4.1.311.10.2$1.3.6.1.4.1.311.2.1.10$1.3.6.1.4.1.311.2.1.26$1.3.6.1.4.1.311.2.1.27$2.16.840.1.113730.1.1$2.16.840.1.113730.1.12$2.16.840.1.113730.1.13$2.16.840.1.113730.1.2$2.16.840.1.113730.1.3$2.16.840.1.113730.1.4$2.16.840.1.113730.1.7$2.16.840.1.113730.1.8$2.5.29.1$2.5.29.10$2.5.29.14$2.5.29.15$2.5.29.17$2.5.29.18$2.5.29.19$2.5.29.2$2.5.29.21$2.5.29.31$2.5.29.32$2.5.29.35$2.5.29.37$2.5.29.4$2.5.29.7$2.5.29.8$2.5.4.3$<NULL>
                                    • API String ID: 3524737521-359703846
                                    • Opcode ID: 24e452521329b153958200bd3747ea4e7b5c4f5f8bb2d7b99cff084d42bbe28d
                                    • Instruction ID: 5aec91113c458a7e880b2904dee5991dee69d4bb1317878413a500da39584d63
                                    • Opcode Fuzzy Hash: 24e452521329b153958200bd3747ea4e7b5c4f5f8bb2d7b99cff084d42bbe28d
                                    • Instruction Fuzzy Hash: 0EE1BF37A44208BBEF159E91DD81DA53B67FB54320F2DC161FA082E1B7D7728CA1AB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00145CD6, Relevance: 35.5, APIs: 15, Strings: 5, Instructions: 493encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 37%
                                    			E00145CD6(void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
				signed int _v8;
				char _v28;
				char* _v32;
				void* _v36;
				long* _v40;
				char _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t123;
				void* _t159;
				char* _t171;
				int _t174;
				void* _t179;
				intOrPtr _t188;
				intOrPtr* _t256;
				char* _t257;
				intOrPtr* _t258;
				void* _t261;
				void* _t263;
				void* _t304;
				void* _t305;
				intOrPtr* _t306;
				signed int _t308;
				char* _t309;
				signed int _t311;
				void* _t312;
				void* _t314;
				void* _t315;
				void* _t316;
				void* _t317;

				_t304 = __edx;
				_t123 =  *0x14a078; // 0xa17bec03
				_v8 = _t123 ^ _t311;
				_v40 = _v40 & 0x00000000;
				_t310 = _a4;
				_t256 = 0x14;
				_push(0x1b5c);
				_push( *0x14a7f8);
				_v36 = _t256;
				E00148F8E();
				_pop(_t261);
				E00144254(_t261, _t305,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x34)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x30)), _a8);
				_push(0x1b5d);
				_push( *0x14a7f8);
				E00148F8E();
				_pop(_t263);
				E00144254(_t263, _t305,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x1c)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x18)), _a8);
				E00148F8E();
				E001483AA( *((intOrPtr*)(_t310 + 0xc)) + 4);
				printf("\n");
				_t306 = __imp__CertGetCertificateContextProperty;
				 *_t306(_t310, 3,  &_v28,  &_v36,  *0x14a7f8, 0x1b5e);
				E0014297C("SHA1",  &_v28, _v36);
				_v36 = _t256;
				 *_t306(_t310, 4,  &_v28,  &_v36);
				E0014297C("MD5",  &_v28, _v36);
				CryptAcquireContextA( &_v40, 0, 0, 1, 0);
				if(_v40 != 0) {
					_v36 = _t256;
					__imp__CryptHashPublicKeyInfo(0x8003, 0,  *0x14a064,  *((intOrPtr*)(_t310 + 0xc)) + 0x38,  &_v28,  &_v36);
					E00148F8E( *0x14a7f8, 0x1b5f, _v40);
					E0014297C("MD5",  &_v28, _v36);
					CryptReleaseContext(_v40, 0);
				}
				_v32 = _v32 & 0x00000000;
				 *_t306(_t310, 2, 0,  &_v32);
				if(_v32 == 0) {
					L17:
					E00148F8E( *0x14a7f8, 0x1b66, E00143E22(_t304, _t306,  *((intOrPtr*)(_t310 + 0xc)) + 0x20));
					_t159 = E00148F8E( *0x14a7f8, 0x1b67, E00143E22(_t304, _t306,  *((intOrPtr*)(_t310 + 0xc)) + 0x28));
					_t314 = _t312 + 0x18;
					_t308 = _a8 & 0x00010000;
					if(_t308 != 0) {
						E00143FFA(_t159, _t310, _a8);
					}
					if(_t308 == 0) {
						L54:
						return E001486C7(1, _t256, _v8 ^ _t311, _t304, _t308, _t310);
					} else {
						E00148F8E( *0x14a7f8, 0x1b68,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)))));
						_t309 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0xc));
						_t315 = _t314 + 0xc;
						if(_t309 == 0) {
							_t309 = "<NULL>";
						}
						_push(0x1b69);
						_push( *0x14a7f8);
						_push(E00143272(E00148F8E(), _t309, 4));
						_push(_t309);
						_t257 = "%s (%S)\n";
						printf(_t257);
						_t316 = _t315 + 0xc;
						_t308 = L"    ";
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x10)) != 0) {
							_push(0x1b6a);
							_push( *0x14a7f8);
							E00148F8E();
							E001428A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x14)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x10)));
						}
						_t171 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x38));
						_v32 = _t171;
						if(_t171 == 0) {
							_v32 = "<NULL>";
						}
						_push(0x1b6b);
						_push( *0x14a7f8);
						_push(E00143272(E00148F8E(), _v32, 3));
						_push(_v32);
						_t174 = printf(_t257);
						_t317 = _t316 + 0xc;
						_v32 = E001481A9(_t174, _v32, 3);
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x3c)) != 0) {
							_push(0x1b6c);
							_push( *0x14a7f8);
							E00148F8E();
							E001428A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x40)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x3c)));
							if(_v32 == 0x2200) {
								_t259 = E001482C8( &_v44, 0x27,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x40)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x3c)),  &_v44);
								if(_t219 != 0) {
									E00148F8E( *0x14a7f8, 0x1b6d,  *_t259);
									E00148F8E( *0x14a7f8, 0x1b6e,  *_t259 << 3);
									_t317 = _t317 + 0x18;
									E001428A5(_t308, _t259[1],  *_t259);
									_push(0x1b6f);
									E00148F8E();
									E001428A5(_t308, _t259[3], _t259[2]);
									E00148F8E( *0x14a7f8, 0x1b70,  *0x14a7f8);
									E00148F35(E001428A5(_t308, _t259[5], _t259[4]), _t259);
								}
							}
						}
						E00148F8E();
						_t179 =  *((intOrPtr*)(_t310 + 0xc)) + 0x38;
						__imp__CertGetPublicKeyLength( *0x14a064, _t179,  *0x14a7f8, 0x1b71);
						if(_t179 != 0) {
							E00148F8E( *0x14a7f8, 0x1b72, _t179);
							_t317 = _t317 + 0xc;
						}
						_t181 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x4c));
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x4c)) != 0) {
							E00148F8E( *0x14a7f8, 0x1b73, _t181);
							_t317 = _t317 + 0xc;
						}
						printf("\n");
						_t183 =  *((intOrPtr*)(_t310 + 0xc));
						if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x44)) == 0) {
							_push(0x1b76);
							_push( *0x14a7f8);
							E00148F8E();
							goto L44;
						} else {
							E001428A5(_t308,  *((intOrPtr*)(_t183 + 0x48)),  *((intOrPtr*)(_t183 + 0x44)));
							if(_v32 == 0x2400 || _v32 == 0xa400) {
								_push(0x1b74);
								_push( *0x14a7f8);
								E00148F8E();
								_t258 = E001482C8( &_v32, 0x13,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x44)),  &_v32);
								if(_t258 == 0) {
									goto L44;
								}
								_push(_v32);
								_push(_t258);
								goto L40;
							} else {
								if(_v32 != 0x2200) {
									L44:
									_push(_a8);
									E001440DE( *((intOrPtr*)(_t310 + 4)),  *((intOrPtr*)(_t310 + 8)));
									_t256 = 0;
									if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x50)) != 0) {
										_push(0x1b77);
										_push( *0x14a7f8);
										E00148F8E();
										_t199 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x58));
										if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x58)) != 0) {
											E00148F8E( *0x14a7f8, 0x1b73, _t199);
											_t317 = _t317 + 0xc;
										}
										printf("\n");
										E001428A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x54)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x50)));
									}
									if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x5c)) != _t256) {
										_push(0x1b78);
										_push( *0x14a7f8);
										E00148F8E();
										_t192 =  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x64));
										if( *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x64)) != _t256) {
											E00148F8E( *0x14a7f8, 0x1b73, _t192);
										}
										printf("\n");
										E001428A5(_t308,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x60)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x5c)));
									}
									_t188 =  *((intOrPtr*)(_t310 + 0xc));
									if( *((intOrPtr*)(_t188 + 0x68)) != _t256) {
										_t310 = _t188;
										E001457BD( *((intOrPtr*)(_t188 + 0x68)),  *((intOrPtr*)(_t188 + 0x6c)), _a8);
									}
									goto L54;
								}
								_push(0x1b75);
								_push( *0x14a7f8);
								E00148F8E();
								_t258 = E001482C8( &_v44, 0x26,  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x48)),  *((intOrPtr*)( *((intOrPtr*)(_t310 + 0xc)) + 0x44)),  &_v44);
								if(_t258 == 0) {
									goto L44;
								}
								_push( *_t258);
								_push( *((intOrPtr*)(_t258 + 4)));
								L40:
								_push(_t308);
								E00148F35(E001428A5(), _t258);
								goto L44;
							}
						}
					}
				}
				_t256 = E00149241(_v32, 0, 0);
				if(_t256 == 0) {
					goto L17;
				}
				_push( &_v32);
				_push(_t256);
				_push(2);
				_push(_t310);
				if( *_t306() == 0) {
					L16:
					E00148F35(_t235, _t256);
					goto L17;
				}
				E00148F8E( *0x14a7f8, 0x1b60,  *((intOrPtr*)(_t256 + 8)));
				_t238 =  *((intOrPtr*)(_t256 + 4));
				_t312 = _t312 + 0xc;
				if( *((intOrPtr*)(_t256 + 4)) != 0) {
					E00148F8E( *0x14a7f8, 0x1b61, _t238);
					_t312 = _t312 + 0xc;
				}
				_t239 =  *((intOrPtr*)(_t256 + 0xc));
				if( *((intOrPtr*)(_t256 + 0xc)) != 0) {
					E00148F8E( *0x14a7f8, 0x1b62, _t239);
					_t312 = _t312 + 0xc;
				}
				_t240 =  *_t256;
				if( *_t256 != 0) {
					E00148F8E( *0x14a7f8, 0x1b63, _t240);
					_t312 = _t312 + 0xc;
				}
				_t241 =  *((intOrPtr*)(_t256 + 0x10));
				if( *((intOrPtr*)(_t256 + 0x10)) != 0) {
					E00148F8E( *0x14a7f8, 0x1bc2, _t241);
					_t312 = _t312 + 0xc;
				}
				_t242 =  *((intOrPtr*)(_t256 + 0x18));
				if( *((intOrPtr*)(_t256 + 0x18)) != 0) {
					E00148F8E( *0x14a7f8, 0x1b65, _t242);
					_t312 = _t312 + 0xc;
				}
				_t235 = printf("\n");
				goto L16;
			}


































                                    0x00145cd6
                                    0x00145cde
                                    0x00145ce5
                                    0x00145ce8
                                    0x00145cee
                                    0x00145cf4
                                    0x00145cf5
                                    0x00145cfa
                                    0x00145d00
                                    0x00145d03
                                    0x00145d0c
                                    0x00145d16
                                    0x00145d1b
                                    0x00145d20
                                    0x00145d26
                                    0x00145d2f
                                    0x00145d39
                                    0x00145d49
                                    0x00145d57
                                    0x00145d61
                                    0x00145d67
                                    0x00145d79
                                    0x00145d87
                                    0x00145d97
                                    0x00145d9a
                                    0x00145da8
                                    0x00145db8
                                    0x00145dc2
                                    0x00145dd9
                                    0x00145de6
                                    0x00145df7
                                    0x00145e0a
                                    0x00145e14
                                    0x00145e14
                                    0x00145e1a
                                    0x00145e27
                                    0x00145e2e
                                    0x00145f08
                                    0x00145f20
                                    0x00145f40
                                    0x00145f48
                                    0x00145f4b
                                    0x00145f51
                                    0x00145f57
                                    0x00145f57
                                    0x00145f5e
                                    0x001462ee
                                    0x001462ff
                                    0x00145f64
                                    0x00145f74
                                    0x00145f7c
                                    0x00145f7f
                                    0x00145f84
                                    0x00145f86
                                    0x00145f86
                                    0x00145f8b
                                    0x00145f90
                                    0x00145fa5
                                    0x00145fa6
                                    0x00145fa7
                                    0x00145fad
                                    0x00145fb6
                                    0x00145fbd
                                    0x00145fc2
                                    0x00145fc4
                                    0x00145fc9
                                    0x00145fcf
                                    0x00145fe0
                                    0x00145fe0
                                    0x00145fe8
                                    0x00145feb
                                    0x00145ff0
                                    0x00145ff2
                                    0x00145ff2
                                    0x00145ff9
                                    0x00145ffe
                                    0x00146015
                                    0x00146016
                                    0x0014601a
                                    0x00146020
                                    0x0014602d
                                    0x00146037
                                    0x0014603d
                                    0x00146042
                                    0x00146048
                                    0x00146059
                                    0x00146065
                                    0x0014607f
                                    0x00146083
                                    0x00146099
                                    0x001460a9
                                    0x001460ae
                                    0x001460b7
                                    0x001460bc
                                    0x001460c7
                                    0x001460d5
                                    0x001460e5
                                    0x001460f9
                                    0x001460f9
                                    0x00146083
                                    0x00146065
                                    0x00146109
                                    0x00146113
                                    0x0014611d
                                    0x00146125
                                    0x00146133
                                    0x00146138
                                    0x00146138
                                    0x0014613e
                                    0x00146143
                                    0x00146151
                                    0x00146156
                                    0x00146156
                                    0x0014615e
                                    0x00146164
                                    0x0014616c
                                    0x0014620e
                                    0x00146213
                                    0x00146219
                                    0x00000000
                                    0x00146172
                                    0x00146179
                                    0x00146185
                                    0x001461dc
                                    0x001461e1
                                    0x001461e7
                                    0x00146202
                                    0x00146206
                                    0x00000000
                                    0x00000000
                                    0x00146208
                                    0x0014620b
                                    0x00000000
                                    0x00146190
                                    0x00146197
                                    0x00146220
                                    0x00146220
                                    0x00146229
                                    0x00146231
                                    0x00146236
                                    0x00146238
                                    0x0014623d
                                    0x00146243
                                    0x0014624b
                                    0x00146252
                                    0x00146260
                                    0x00146265
                                    0x00146265
                                    0x0014626d
                                    0x0014627e
                                    0x0014627e
                                    0x00146289
                                    0x0014628b
                                    0x00146290
                                    0x00146296
                                    0x0014629e
                                    0x001462a5
                                    0x001462b3
                                    0x001462b8
                                    0x001462c0
                                    0x001462d1
                                    0x001462d1
                                    0x001462d6
                                    0x001462dc
                                    0x001462e1
                                    0x001462e9
                                    0x001462e9
                                    0x00000000
                                    0x001462dc
                                    0x0014619d
                                    0x001461a2
                                    0x001461a8
                                    0x001461c3
                                    0x001461c7
                                    0x00000000
                                    0x00000000
                                    0x001461c9
                                    0x001461cb
                                    0x001461ce
                                    0x001461ce
                                    0x001461d5
                                    0x00000000
                                    0x001461d5
                                    0x00146185
                                    0x0014616c
                                    0x00145f5e
                                    0x00145e3e
                                    0x00145e42
                                    0x00000000
                                    0x00000000
                                    0x00145e4b
                                    0x00145e4c
                                    0x00145e4d
                                    0x00145e4f
                                    0x00145e54
                                    0x00145f02
                                    0x00145f03
                                    0x00000000
                                    0x00145f03
                                    0x00145e68
                                    0x00145e6d
                                    0x00145e70
                                    0x00145e75
                                    0x00145e83
                                    0x00145e88
                                    0x00145e88
                                    0x00145e8b
                                    0x00145e90
                                    0x00145e9e
                                    0x00145ea3
                                    0x00145ea3
                                    0x00145ea6
                                    0x00145eaa
                                    0x00145eb8
                                    0x00145ebd
                                    0x00145ebd
                                    0x00145ec0
                                    0x00145ec5
                                    0x00145ed3
                                    0x00145ed8
                                    0x00145ed8
                                    0x00145edb
                                    0x00145ee0
                                    0x00145eee
                                    0x00145ef3
                                    0x00145ef3
                                    0x00145efb
                                    0x00000000

                                    APIs
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                      • Part of subcall function 00144254: printf.MSVCRT ref: 001442F5
                                      • Part of subcall function 00144254: printf.MSVCRT ref: 00144324
                                      • Part of subcall function 00144254: CertRDNValueToStrA.CRYPT32(?,?,00000000,00000000), ref: 00144338
                                      • Part of subcall function 00144254: CertRDNValueToStrA.CRYPT32(?,?,00000000,?), ref: 0014435E
                                      • Part of subcall function 00144254: printf.MSVCRT ref: 00144378
                                      • Part of subcall function 00144254: CertRDNValueToStrW.CRYPT32(?,?,00000000,00000000), ref: 00144396
                                    • printf.MSVCRT ref: 00145D61
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000003,?,?), ref: 00145D79
                                      • Part of subcall function 0014297C: printf.MSVCRT ref: 001429B0
                                      • Part of subcall function 0014297C: printf.MSVCRT ref: 001429F0
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000004,?,?), ref: 00145D9A
                                      • Part of subcall function 0014297C: printf.MSVCRT ref: 001429E3
                                    • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,00000000), ref: 00145DB8
                                    • CryptHashPublicKeyInfo.CRYPT32(00000000,00008003,00000000,?,?,?), ref: 00145DE6
                                      • Part of subcall function 0014297C: printf.MSVCRT ref: 001429D2
                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00145E14
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000002,00000000,00000000), ref: 00145E27
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000002,00000000,00000000), ref: 00145E50
                                    • printf.MSVCRT ref: 00145EFB
                                    • printf.MSVCRT ref: 00145FAD
                                    • CertGetPublicKeyLength.CRYPT32(?,00000003), ref: 0014611D
                                    • printf.MSVCRT ref: 0014615E
                                    • printf.MSVCRT ref: 0014626D
                                    • printf.MSVCRT ref: 001462C0
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 001482FF
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0014832B
                                    • printf.MSVCRT ref: 0014601A
                                      • Part of subcall function 001428A5: wprintf.MSVCRT ref: 001428E2
                                      • Part of subcall function 001428A5: wprintf.MSVCRT ref: 00142907
                                      • Part of subcall function 001428A5: wprintf.MSVCRT ref: 0014291E
                                      • Part of subcall function 001428A5: wprintf.MSVCRT ref: 00142929
                                      • Part of subcall function 001428A5: wprintf.MSVCRT ref: 00142949
                                      • Part of subcall function 001428A5: wprintf.MSVCRT ref: 00142963
                                      • Part of subcall function 00148F35: free.MSVCRT(00000000,?,001492E1,00141A8A,?,00000000,?,?,00141A8A), ref: 00148F43
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$Cert$Contextwprintf$Crypt$CertificateProperty$Value$DecodeObjectPublic$AcquireHashInfoLengthLoadReleaseStringfreevwprintf
                                    • String ID: $%s (%S)$<NULL>$MD5$SHA1
                                    • API String ID: 110794591-2100278587
                                    • Opcode ID: 080531f1aada487de61f89d0a0d3ddee68776eff6bf68c905488b1c1a659e012
                                    • Instruction ID: 0ad411eefbcd31dd8b9b49d4864abb181f136237ac5d7c06d02b7d591139e7ae
                                    • Opcode Fuzzy Hash: 080531f1aada487de61f89d0a0d3ddee68776eff6bf68c905488b1c1a659e012
                                    • Instruction Fuzzy Hash: 78F1C435A40201FFEB21AFA0DC42EAE77BAFF15710F054024F610AA1B2EB76D995DB11
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00141A5B, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190encryptionstringCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 17%
                                    			E00141A5B(void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
				char* _v8;
				char* _v12;
				char* _v16;
				char* _v20;
				char _v24;
				char* _v28;
				char* _v32;
				intOrPtr _v36;
				char _v40;
				char* _t71;
				char* _t80;
				char _t82;
				char* _t84;
				intOrPtr* _t86;
				signed int _t88;
				char* _t89;
				char* _t90;
				char* _t94;
				intOrPtr* _t96;
				signed int* _t97;
				signed int _t98;
				intOrPtr* _t99;

				_v32 = 0;
				_v28 = 0;
				_v24 = 0;
				_v16 = 0;
				_v12 = 0;
				_v20 = 0;
				_v8 = 0;
				if(E00149279( *0x14a824,  &_v16) == 0) {
					_t84 = ",";
					if(strtok(_v16, _t84) == 0) {
						L5:
						_push(2);
						_t58 = 0;
						asm("repe cmpsb");
						if(0 != 0) {
							asm("sbb eax, eax");
							asm("sbb eax, 0xffffffff");
						}
						if(_t58 != 0) {
							L27:
							if(_v16 != 0) {
								_t58 = E00148F35(_t58, _v16);
							}
							_t94 = _v20;
							if(_t94 != 0) {
								_t61 =  *((intOrPtr*)(_t94 + 4));
								if( *((intOrPtr*)(_t94 + 4)) != 0) {
									_t61 = E00148F35(_t61, _t61);
								}
								_t58 = E00148F35(_t61, _t94);
							}
							if(_v28 != 0) {
								E00148F35(_t58, _v28);
							}
							if(_v8 != 0) {
								__imp__CertFreeCertificateContext(_v8);
							}
							return _v32;
						} else {
							L20:
							_t86 = __imp__CertEnumCertificatesInStore;
							_t58 =  *_t86(_a4, 0);
							_v8 = _t58;
							if(_t58 == 0) {
								L26:
								_v32 = 1;
								goto L27;
							}
							_t96 = __imp__CertSetCertificateContextProperty;
							while(1) {
								_push(0);
								_push(0);
								_push(9);
								_push(_v8);
								if( *_t96() == 0) {
									goto L27;
								}
								if(_v12 == 0) {
									L25:
									_t58 =  *_t86(_a4, _v8);
									_v8 = _t58;
									if(_t58 != 0) {
										continue;
									}
									goto L26;
								}
								_v40 = _v24;
								_v36 = _v28;
								_push( &_v40);
								_push(0);
								_push(9);
								_push(_v8);
								if( *_t96() == 0) {
									goto L27;
								}
								goto L25;
							}
							goto L27;
						}
					} else {
						goto L3;
					}
					do {
						L3:
						_v12 =  &(_v12[1]);
					} while (strtok(0, _t84) != 0);
					if(_v12 != 0) {
						_t97 = E00149241(8, 0, 0);
						_v20 = _t97;
						if(_t97 == 0) {
							goto L27;
						}
						_t58 = 0;
						asm("stosd");
						asm("stosd");
						_t88 = _v12;
						if(_t88 <= 0x1fffffff) {
							 *_t97 = _t88;
							_t58 = E00149241(_t88 << 2, 0, 0);
							_t97[1] = 0;
							if(0 == 0) {
								goto L27;
							}
							_t80 = _v16;
							_t98 = 0;
							if(_t88 <= 0) {
								L17:
								_t99 = __imp__CryptEncodeObject;
								_push( &_v24);
								_push(0);
								_push(_v20);
								_t89 = "2.5.29.37";
								_push(_t89);
								_push(1);
								if( *_t99() == 0) {
									goto L27;
								}
								_t58 = E00149241(_v24, 0, 0);
								_v28 = _t58;
								if(_t58 == 0) {
									goto L27;
								}
								_push( &_v24);
								_push(_t58);
								_push(_v20);
								_push(_t89);
								_push(1);
								if( *_t99() == 0) {
									goto L27;
								}
								goto L20;
							} else {
								goto L14;
							}
							do {
								L14:
								 *(_v20[1] + _t98 * 4) = _t80;
								_t71 = _t80;
								_t90 =  &(_t71[1]);
								do {
									_t82 =  *_t71;
									_t71 =  &(_t71[1]);
								} while (_t82 != 0);
								_t98 = _t98 + 1;
								_t80 =  &(_t80[_t71 - _t90 + 1]);
							} while (_t98 < _v12);
							goto L17;
						}
						SetLastError(0x80070057);
						goto L27;
					}
					goto L5;
				}
				return 0;
			}

























                                    0x00141a70
                                    0x00141a73
                                    0x00141a76
                                    0x00141a79
                                    0x00141a7c
                                    0x00141a7f
                                    0x00141a82
                                    0x00141a8c
                                    0x00141a9d
                                    0x00141aac
                                    0x00141ac0
                                    0x00141ac3
                                    0x00141ac6
                                    0x00141ac8
                                    0x00141aca
                                    0x00141acc
                                    0x00141ace
                                    0x00141ace
                                    0x00141ad3
                                    0x00141bf4
                                    0x00141bf7
                                    0x00141bfc
                                    0x00141bfc
                                    0x00141c01
                                    0x00141c06
                                    0x00141c08
                                    0x00141c0d
                                    0x00141c10
                                    0x00141c10
                                    0x00141c16
                                    0x00141c16
                                    0x00141c20
                                    0x00141c25
                                    0x00141c25
                                    0x00141c2d
                                    0x00141c32
                                    0x00141c32
                                    0x00000000
                                    0x00141ad9
                                    0x00141b97
                                    0x00141b97
                                    0x00141ba1
                                    0x00141ba3
                                    0x00141ba8
                                    0x00141bed
                                    0x00141bed
                                    0x00000000
                                    0x00141bed
                                    0x00141baa
                                    0x00141bb0
                                    0x00141bb0
                                    0x00141bb1
                                    0x00141bb2
                                    0x00141bb4
                                    0x00141bbb
                                    0x00000000
                                    0x00000000
                                    0x00141bc0
                                    0x00141bde
                                    0x00141be4
                                    0x00141be6
                                    0x00141beb
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00141beb
                                    0x00141bc5
                                    0x00141bcb
                                    0x00141bd1
                                    0x00141bd2
                                    0x00141bd3
                                    0x00141bd5
                                    0x00141bdc
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00141bdc
                                    0x00000000
                                    0x00141bb0
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00141aae
                                    0x00141aae
                                    0x00141aae
                                    0x00141ab7
                                    0x00141abe
                                    0x00141ae7
                                    0x00141ae9
                                    0x00141aee
                                    0x00000000
                                    0x00000000
                                    0x00141af4
                                    0x00141af8
                                    0x00141af9
                                    0x00141afa
                                    0x00141b03
                                    0x00141b1d
                                    0x00141b1f
                                    0x00141b24
                                    0x00141b29
                                    0x00000000
                                    0x00000000
                                    0x00141b2f
                                    0x00141b32
                                    0x00141b36
                                    0x00141b59
                                    0x00141b59
                                    0x00141b62
                                    0x00141b63
                                    0x00141b64
                                    0x00141b67
                                    0x00141b6c
                                    0x00141b6d
                                    0x00141b73
                                    0x00000000
                                    0x00000000
                                    0x00141b7a
                                    0x00141b7f
                                    0x00141b84
                                    0x00000000
                                    0x00000000
                                    0x00141b89
                                    0x00141b8a
                                    0x00141b8b
                                    0x00141b8e
                                    0x00141b8f
                                    0x00141b95
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00141b38
                                    0x00141b38
                                    0x00141b3e
                                    0x00141b41
                                    0x00141b43
                                    0x00141b46
                                    0x00141b46
                                    0x00141b48
                                    0x00141b49
                                    0x00141b4f
                                    0x00141b50
                                    0x00141b54
                                    0x00000000
                                    0x00141b38
                                    0x00141b0a
                                    0x00000000
                                    0x00141b0a
                                    0x00000000
                                    0x00141abe
                                    0x00000000

                                    APIs
                                    • strtok.MSVCRT ref: 00141AA6
                                    • strtok.MSVCRT ref: 00141AB3
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00141BA1
                                    • CertSetCertificateContextProperty.CRYPT32(?,00000009,00000000,00000000), ref: 00141BB7
                                    • CertSetCertificateContextProperty.CRYPT32(?,00000009,00000000,?), ref: 00141BD8
                                    • CertEnumCertificatesInStore.CRYPT32(?,?), ref: 00141BE4
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00141C32
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$CertificateContext$CertificatesEnumPropertyStorestrtok$Free
                                    • String ID: 2.5.29.37
                                    • API String ID: 2615395459-3842544949
                                    • Opcode ID: 228750bf83edaaee0448178afef16a45fa7c696420254b31ae688ae73f647b90
                                    • Instruction ID: 416b587d875399aea18ce022ab026ba8e96ce0926d91d9dd9bd883cf7e1061f4
                                    • Opcode Fuzzy Hash: 228750bf83edaaee0448178afef16a45fa7c696420254b31ae688ae73f647b90
                                    • Instruction Fuzzy Hash: 9A515B72D0011ABFDF20DFA5CD80DAEBBB9EB48350F24446AE515F3160E7319E819BA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0014644E, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 205encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 32%
                                    			E0014644E(void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v8;
				char _v12;
				void* _v16;
				char _v20;
				char* _v24;
				void* __ebx;
				void* __esi;
				char* _t50;
				char* _t58;
				void* _t82;
				int _t84;
				void* _t96;
				void* _t97;
				void* _t110;
				char* _t111;
				char* _t112;
				char* _t113;
				void* _t116;
				intOrPtr* _t117;
				intOrPtr* _t118;
				void* _t119;
				void* _t120;
				void* _t121;

				_t110 = __edx;
				_t111 = 0;
				_v24 = 0;
				_v16 = 0;
				_v8 = 0;
				if(_a4 != 0) {
					_t50 =  &_v16;
					_v12 = 4;
					__imp__CryptMsgGetParam(_a4, 5, 0, _t50,  &_v12);
					__eflags = _t50;
					if(_t50 != 0) {
						__eflags = _v16;
						if(_v16 != 0) {
							_v8 = 0;
							__eflags = _v16;
							if(_v16 <= 0) {
								L24:
								_v24 = 1;
								L25:
								return _v24;
							}
							_t96 = printf;
							while(1) {
								E00148F8E( *0x14a7f8, 0x1b8b, _v8 + 1);
								_t120 = _t119 + 0xc;
								_t116 = E001481D0(_t97, _a4, 6, _v8,  &_v12);
								__eflags = _t116 - _t111;
								if(_t116 != _t111) {
									_t112 =  *((intOrPtr*)(_t116 + 0x14));
									__eflags = _t112;
									if(_t112 == 0) {
										_t112 = "<NULL>";
									}
									_push(0x1c15);
									_push( *0x14a7f8);
									_push(E00143272(E00148F8E(), _t112, 1));
									_push(_t112);
									printf("%s (%S)\n");
									_t121 = _t120 + 0xc;
									__eflags =  *((intOrPtr*)(_t116 + 0x18));
									if( *((intOrPtr*)(_t116 + 0x18)) != 0) {
										_push(0x1c16);
										_push( *0x14a7f8);
										E00148F8E();
										E001428A5(L"    ",  *((intOrPtr*)(_t116 + 0x1c)),  *((intOrPtr*)(_t116 + 0x18)));
									}
									_t113 =  *((intOrPtr*)(_t116 + 0x20));
									__eflags = _t113;
									if(_t113 == 0) {
										_t113 = "<NULL>";
									}
									_push(0x1c17);
									_push( *0x14a7f8);
									_t82 = E00148F8E();
									_pop(_t97);
									_push(E00143272(_t82, _t113, 4));
									_push(_t113);
									_t84 = printf("%s (%S)\n");
									_t120 = _t121 + 0xc;
									__eflags =  *((intOrPtr*)(_t116 + 0x24));
									if( *((intOrPtr*)(_t116 + 0x24)) != 0) {
										_push(0x1c18);
										_push( *0x14a7f8);
										E00148F8E();
										_pop(_t97);
										_t84 = E001428A5(L"    ",  *((intOrPtr*)(_t116 + 0x28)),  *((intOrPtr*)(_t116 + 0x24)));
									}
									E00148F35(_t84, _t116);
									_t111 = 0;
									__eflags = 0;
								}
								_t58 =  &_v20;
								__imp__CryptMsgGetAndVerifySigner(_a4, _t111, _t111, 4, _t58,  &_v8);
								__eflags = _t58;
								if(__eflags == 0) {
									break;
								}
								E00148F8E( *0x14a7f8, 0x1c19, _v8 + 1);
								_t119 = _t120 + 0xc;
								E00145CD6(_t110, __eflags, _v20, _a8);
								__imp__CertFreeCertificateContext(_v20);
								_t117 = E001481D0(_t97, _a4, 9, _v8,  &_v12);
								__eflags = _t117 - _t111;
								if(_t117 != _t111) {
									_t75 = _v8 + 1;
									__eflags = _v8 + 1;
									E00148F8E( *0x14a7f8, 0x1b8c, _t75);
									_t119 = _t119 + 0xc;
									E00148F35(E0014560E(_t96, _t110, _t117,  *_t117,  *((intOrPtr*)(_t117 + 4)), _a8), _t117);
								}
								_t118 = E001481D0(_t97, _a4, 0xa, _v8,  &_v12);
								__eflags = _t118 - _t111;
								if(_t118 != _t111) {
									_t70 = _v8 + 1;
									__eflags = _v8 + 1;
									E00148F8E( *0x14a7f8, 0x1b8d, _t70);
									_t119 = _t119 + 0xc;
									E00148F35(E0014560E(_t96, _t110, _t118,  *_t118,  *((intOrPtr*)(_t118 + 4)), _a8), _t118);
								}
								_v8 = _v8 + 1;
								__eflags = _v8 - _v16;
								if(_v8 < _v16) {
									continue;
								} else {
									goto L24;
								}
							}
							_push(0x17d3);
							_push( *0x14a7f8);
							E00148F8E();
							goto L25;
						}
						_push(0x1b8a);
						_push( *0x14a7f8);
						E00148F8E();
						return 1;
					}
					_push(0x17d2);
					_push( *0x14a7f8);
					E00148F8E();
				}
				return 0;
			}


























                                    0x0014644e
                                    0x00146457
                                    0x00146459
                                    0x0014645c
                                    0x0014645f
                                    0x00146465
                                    0x00146472
                                    0x0014647c
                                    0x00146483
                                    0x00146489
                                    0x0014648b
                                    0x001464a1
                                    0x001464a4
                                    0x001464c2
                                    0x001464c5
                                    0x001464c8
                                    0x0014669f
                                    0x0014669f
                                    0x001466a6
                                    0x00000000
                                    0x001466aa
                                    0x001464ce
                                    0x001464d4
                                    0x001464e4
                                    0x001464e9
                                    0x001464fd
                                    0x001464ff
                                    0x00146501
                                    0x00146507
                                    0x0014650a
                                    0x0014650c
                                    0x0014650e
                                    0x0014650e
                                    0x00146513
                                    0x00146518
                                    0x0014652d
                                    0x0014652e
                                    0x00146534
                                    0x00146536
                                    0x00146539
                                    0x0014653d
                                    0x0014653f
                                    0x00146544
                                    0x0014654a
                                    0x0014655c
                                    0x0014655c
                                    0x00146561
                                    0x00146564
                                    0x00146566
                                    0x00146568
                                    0x00146568
                                    0x0014656d
                                    0x00146572
                                    0x00146578
                                    0x0014657e
                                    0x00146587
                                    0x00146588
                                    0x0014658e
                                    0x00146590
                                    0x00146593
                                    0x00146597
                                    0x00146599
                                    0x0014659e
                                    0x001465a4
                                    0x001465aa
                                    0x001465b6
                                    0x001465b6
                                    0x001465bc
                                    0x001465c1
                                    0x001465c1
                                    0x001465c1
                                    0x001465c7
                                    0x001465d2
                                    0x001465d8
                                    0x001465da
                                    0x00000000
                                    0x00000000
                                    0x001465f0
                                    0x001465f5
                                    0x001465fe
                                    0x00146606
                                    0x0014661d
                                    0x0014661f
                                    0x00146621
                                    0x00146626
                                    0x00146626
                                    0x00146633
                                    0x00146638
                                    0x00146649
                                    0x00146649
                                    0x0014665f
                                    0x00146661
                                    0x00146663
                                    0x00146668
                                    0x00146668
                                    0x00146675
                                    0x0014667a
                                    0x0014668b
                                    0x0014668b
                                    0x00146690
                                    0x00146696
                                    0x00146699
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00146699
                                    0x001466b0
                                    0x001466b5
                                    0x001466bb
                                    0x00000000
                                    0x001466c1
                                    0x001464a6
                                    0x001464ab
                                    0x001464b1
                                    0x00000000
                                    0x001464ba
                                    0x0014648d
                                    0x00146492
                                    0x00146498
                                    0x0014649e
                                    0x00000000

                                    APIs
                                    • CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 00146483
                                    • printf.MSVCRT ref: 00146534
                                    • printf.MSVCRT ref: 0014658E
                                    • CryptMsgGetAndVerifySigner.CRYPT32(00000004,00000000,00000000,00000004,?,?), ref: 001465D2
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cryptprintf$LoadParamSignerStringVerifyvwprintf
                                    • String ID: $%s (%S)$<NULL>
                                    • API String ID: 4044473539-2923719891
                                    • Opcode ID: 6d99c1c4d61219ac348c00e5ebe8e1c8d7787616b5cbbf7ff662e13128242d9d
                                    • Instruction ID: bfc6b3da791ee612326477e38589cca8877ea9acf8c9ab4bf381c62db87615a8
                                    • Opcode Fuzzy Hash: 6d99c1c4d61219ac348c00e5ebe8e1c8d7787616b5cbbf7ff662e13128242d9d
                                    • Instruction Fuzzy Hash: 6361EF36940204FFEF22AF50DD02DAE7BBAFF51750F110015F914A60B1EB729E919B52
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00143C7E, Relevance: 13.6, APIs: 9, Instructions: 144encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptSIPRetrieveSubjectGuid.CRYPT32(?,00000000,?), ref: 00143CAE
                                    • CryptSIPLoad.CRYPT32(?,00000000,?), ref: 00143CD5
                                    • memset.MSVCRT ref: 00143CEE
                                      • Part of subcall function 00149241: malloc.MSVCRT ref: 0014924A
                                    • CertOpenStore.CRYPT32(00000005,00000000,00000000,?), ref: 00143D7E
                                    • CryptMsgOpenToDecode.CRYPT32(00000000,?,00000000,00000000,00000000), ref: 00143DB0
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00143DC1
                                    • CryptMsgUpdate.CRYPT32(00000000,?,?,00000001), ref: 00143DD5
                                    • CertCloseStore.CRYPT32(00000000,00000000), ref: 00143DE1
                                    • CryptMsgClose.CRYPT32 ref: 00143DF0
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Crypt$CertCloseStore$Open$DecodeGuidLoadRetrieveSubjectUpdatemallocmemset
                                    • String ID:
                                    • API String ID: 2179762507-0
                                    • Opcode ID: c9f9dc123f93652493c90217dda489fe94a51df1535e7ef08f5bc7e3c92495c9
                                    • Instruction ID: bbdac5424db1aedff2966a42560143a62ed2057c5f3500ebc6df32fafeb93ddc
                                    • Opcode Fuzzy Hash: c9f9dc123f93652493c90217dda489fe94a51df1535e7ef08f5bc7e3c92495c9
                                    • Instruction Fuzzy Hash: B0512AB5D01229ABDB219FA1DD45EEFBFBCEF49710F500025F619E2160DB309A85CBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001432A1, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptGetOIDFunctionAddress.CRYPT32(?,00000000,?,?), ref: 001432EF
                                    • wprintf.MSVCRT ref: 0014334F
                                    • CryptFreeOIDFunctionAddress.CRYPT32(?,00000000), ref: 0014336E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: AddressCryptFunction$Freewprintf
                                    • String ID: %s
                                    • API String ID: 1836932162-620797490
                                    • Opcode ID: 0c08b0568863e279bab5bd3bfb5a00f956d097b52c0907548ac785f9375892cb
                                    • Instruction ID: b186ca0e44cb1d83b184d97acf2b4212c2a543439a4d15a456156baccc291a2e
                                    • Opcode Fuzzy Hash: 0c08b0568863e279bab5bd3bfb5a00f956d097b52c0907548ac785f9375892cb
                                    • Instruction Fuzzy Hash: A221F736901228BFDB229F95DC48DEF7FB9FF45754B148169F52492020DB318A90EBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00142FF4, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 57encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(2.5.29.21,?,?,00000000,?,?), ref: 0014301C
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • printf.MSVCRT ref: 00143097
                                    • printf.MSVCRT ref: 001430A0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CryptDecodeLoadObjectStringvwprintf
                                    • String ID: 2.5.29.21
                                    • API String ID: 1886321042-359661889
                                    • Opcode ID: 315501276b9851074d0df7a190a1d3f126070785c033249f2f928f9ece31287c
                                    • Instruction ID: 417ed68fd40197608b8a8cd45021f535f43915140dfbc7f6eca3b804f8be3fad
                                    • Opcode Fuzzy Hash: 315501276b9851074d0df7a190a1d3f126070785c033249f2f928f9ece31287c
                                    • Instruction Fuzzy Hash: AF019239288304FAE7249B50EC02FDD3769FB01B64F61816BB7226B4F0E7B197819651
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001417F3, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • GetModuleHandleA.KERNEL32(00000000,00147EB0), ref: 001417F5
                                    • CryptInitOIDFunctionSet.CRYPT32(CryptDllFormatObject,00000000), ref: 0014180E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptFunctionHandleInitModule
                                    • String ID: CryptDllFormatObject
                                    • API String ID: 188214945-3973519293
                                    • Opcode ID: 7ee7c4a9c492608f6d62334882b905e831c9b66a3e40d6e391bdf4b05a4360d6
                                    • Instruction ID: 4a27ee9ba9b923859b1ac616f836980b29827cecd13efe78a3d9c60983f28361
                                    • Opcode Fuzzy Hash: 7ee7c4a9c492608f6d62334882b905e831c9b66a3e40d6e391bdf4b05a4360d6
                                    • Instruction Fuzzy Hash: 20F0823D6C8312BBF7111F617C05F863B99FB16B16F420035F605D69B0E77584C09A55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00142390, Relevance: 6.1, APIs: 4, Instructions: 74encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptStringToBinaryW.CRYPT32(?,?,00000007,00000000,?,00000000,00000000), ref: 001423BC
                                    • GetLastError.KERNEL32 ref: 001423C2
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: BinaryCryptErrorLastString
                                    • String ID:
                                    • API String ID: 1279426848-0
                                    • Opcode ID: 434903ad20395faf28fb9aa2379b8e05c68e45390ef220245c21f061e1eef0b8
                                    • Instruction ID: 917f6999724b86669f64e7ac1d13912889210f32e16066ff10ad8811aaf01d59
                                    • Opcode Fuzzy Hash: 434903ad20395faf28fb9aa2379b8e05c68e45390ef220245c21f061e1eef0b8
                                    • Instruction Fuzzy Hash: 36218C72640129FBCB218F95DC40EAF3FA8EF5A794FA14421F805D6160C374DE809AA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001422DB, Relevance: 6.1, APIs: 4, Instructions: 74encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E001422DB(void* __ecx, char* _a4, int _a8, BYTE** _a12, intOrPtr* _a16) {
				int _v8;
				signed int _t24;
				BYTE* _t29;

				 *_a12 = 0;
				 *_a16 = 0;
				_v8 = 0;
				if(CryptStringToBinaryA(_a4, _a8, 7, 0,  &_v8, 0, 0) != 0) {
					if(_v8 != 0) {
						_t29 = E00149241(_v8, 0, 0);
						if(_t29 != 0) {
							if(CryptStringToBinaryA(_a4, _a8, 7, _t29,  &_v8, 0, 0) != 0) {
								 *_a12 = _t29;
								 *_a16 = _v8;
								_t24 = 0;
							} else {
								E00148F35(_t21, _t29);
								_t24 = GetLastError();
								if(_t24 > 0) {
									_t24 = _t24 & 0x0000ffff | 0x80070000;
								}
							}
						} else {
							_t24 = 0x8007000e;
						}
					} else {
						_t24 = 0;
					}
				} else {
					_t24 = GetLastError();
					if(_t24 > 0) {
						_t24 = _t24 & 0x0000ffff | 0x80070000;
					}
				}
				return _t24;
			}






                                    0x001422ef
                                    0x001422f5
                                    0x00142301
                                    0x0014230b
                                    0x00142326
                                    0x00142337
                                    0x0014233b
                                    0x00142357
                                    0x0014237b
                                    0x00142380
                                    0x00142382
                                    0x00142359
                                    0x0014235a
                                    0x0014235f
                                    0x00142367
                                    0x0014236e
                                    0x0014236e
                                    0x00142367
                                    0x0014233d
                                    0x0014233d
                                    0x0014233d
                                    0x00142328
                                    0x00142328
                                    0x00142328
                                    0x0014230d
                                    0x0014230d
                                    0x00142315
                                    0x0014231c
                                    0x0014231c
                                    0x00142315
                                    0x00142388

                                    APIs
                                    • CryptStringToBinaryA.CRYPT32(?,?,00000007,00000000,?,00000000,00000000), ref: 00142307
                                    • GetLastError.KERNEL32 ref: 0014230D
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: BinaryCryptErrorLastString
                                    • String ID:
                                    • API String ID: 1279426848-0
                                    • Opcode ID: 629405ff8bfdbee5b69c93174d65d4edde00db9df3c76e2e8b2fbeeb24383e4d
                                    • Instruction ID: 70597a008f28d715ef3c5e7705534f5f10d4a38684b053ee94505735be93715d
                                    • Opcode Fuzzy Hash: 629405ff8bfdbee5b69c93174d65d4edde00db9df3c76e2e8b2fbeeb24383e4d
                                    • Instruction Fuzzy Hash: 7521897260011AFBCB218F65CC44DAE7FBCFF4A794B614421F905DA120C3B8DE80DAA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001486C7, Relevance: 6.0, APIs: 4, Instructions: 48COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 92%
                                    			E001486C7(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr* _t26;
				void* _t29;

				_t29 = __ecx -  *0x14a078; // 0xa17bec03
				if(_t29 != 0) {
					 *0x14aab8 = __eax;
					 *0x14aab4 = __ecx;
					 *0x14aab0 = __edx;
					 *0x14aaac = __ebx;
					 *0x14aaa8 = __esi;
					 *0x14aaa4 = __edi;
					 *0x14aad0 = ss;
					 *0x14aac4 = cs;
					 *0x14aaa0 = ds;
					 *0x14aa9c = es;
					 *0x14aa98 = fs;
					 *0x14aa94 = gs;
					asm("pushfd");
					_pop( *0x14aac8);
					 *0x14aabc =  *_t26;
					 *0x14aac0 = _v0;
					 *0x14aacc =  &_a4;
					 *0x14aa08 = 0x10001;
					_t11 =  *0x14aac0; // 0x0
					 *0x14a9c4 = _t11;
					 *0x14a9b8 = 0xc0000409;
					 *0x14a9bc = 1;
					_t12 =  *0x14a078; // 0xa17bec03
					_v812 = _t12;
					_t13 =  *0x14a07c; // 0x5e8413fc
					_v808 = _t13;
					SetUnhandledExceptionFilter(0);
					UnhandledExceptionFilter(0x141670);
					return TerminateProcess(GetCurrentProcess(), 0xc0000409);
				} else {
					return __eax;
				}
			}












                                    0x001486c7
                                    0x001486cd
                                    0x00148d42
                                    0x00148d47
                                    0x00148d4d
                                    0x00148d53
                                    0x00148d59
                                    0x00148d5f
                                    0x00148d65
                                    0x00148d6c
                                    0x00148d73
                                    0x00148d7a
                                    0x00148d81
                                    0x00148d88
                                    0x00148d8f
                                    0x00148d90
                                    0x00148d99
                                    0x00148da1
                                    0x00148da9
                                    0x00148db4
                                    0x00148dbe
                                    0x00148dc3
                                    0x00148dc8
                                    0x00148dd2
                                    0x00148ddc
                                    0x00148de1
                                    0x00148de7
                                    0x00148dec
                                    0x00148df4
                                    0x00148dff
                                    0x00148e18
                                    0x001486cf
                                    0x001486cf
                                    0x001486cf

                                    APIs
                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00148DF4
                                    • UnhandledExceptionFilter.KERNEL32(00141670), ref: 00148DFF
                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00148E0A
                                    • TerminateProcess.KERNEL32(00000000), ref: 00148E11
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                    • String ID:
                                    • API String ID: 3231755760-0
                                    • Opcode ID: 15c9c42c37c8020dc7c821dc90dede9edbc487b477ead294762dc459b2cdba66
                                    • Instruction ID: cac73b8464943852470cc0780613f0b136c55d2319631c33ebcc08e7cbbf6c89
                                    • Opcode Fuzzy Hash: 15c9c42c37c8020dc7c821dc90dede9edbc487b477ead294762dc459b2cdba66
                                    • Instruction Fuzzy Hash: C4219ABD985204DFE341CF69FA85A447BA4BF1A308BA2441AE60983F70E77459C5CF17
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00142B61, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(1.3.6.1.4.1.311.2.1.27,?,?,00000000,?,?), ref: 00142B8B
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • printf.MSVCRT ref: 00142BEA
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeLoadObjectStringprintfvwprintf
                                    • String ID: 1.3.6.1.4.1.311.2.1.27
                                    • API String ID: 1959750101-3254324927
                                    • Opcode ID: d1ef9124ec51a309ac16941383bc2168a2a538db55cc83b1c8a1dc84f6df70d3
                                    • Instruction ID: dfb6cf4a3b08a9a757699da355b03cde3ff621cc17511a43bc3347ef0faafc26
                                    • Opcode Fuzzy Hash: d1ef9124ec51a309ac16941383bc2168a2a538db55cc83b1c8a1dc84f6df70d3
                                    • Instruction Fuzzy Hash: CC016D3A684205FAEF245F50EC06F9C7BB9FB01715F614016FA10A58F0EFB656C49A82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00142BFA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CryptDecodeObject.CRYPT32(1.3.6.1.4.1.311.2.1.26,?,?,00000000,?,?), ref: 00142C22
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • printf.MSVCRT ref: 00142C62
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeLoadObjectStringprintfvwprintf
                                    • String ID: 1.3.6.1.4.1.311.2.1.26
                                    • API String ID: 1959750101-3070115369
                                    • Opcode ID: 7503ed66dad22371d1faf24ad71b4ad1241ebb1c364aee8976382eabaeedf386
                                    • Instruction ID: f95d47187fb8b01756e3623987ebd5c57a2c461d2af6f65afb86834174aa4850
                                    • Opcode Fuzzy Hash: 7503ed66dad22371d1faf24ad71b4ad1241ebb1c364aee8976382eabaeedf386
                                    • Instruction Fuzzy Hash: 71F0B43A140204FBDB155F50ED46F8D3BB9FB00721F608016F615A54F0DBB296C4DA55
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001473E5, Relevance: 43.9, APIs: 29, Instructions: 436encryptionCOMMON
                                    Download Yara Rule

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 555 1473e5-147428 556 147915-147927 call 148f8e 555->556 557 14742e-147435 555->557 563 147929-14792c 556->563 557->556 559 14743b-147451 CertOpenStore 557->559 561 147453-14745a 559->561 562 14745f-14746a 559->562 564 147900-14790f call 148f8e 561->564 565 1474d6-1474dd 562->565 566 14746c-147473 562->566 581 147910-147913 564->581 567 1475e1-1475e8 565->567 568 1474e3-1474ea 565->568 569 14751e-147525 566->569 570 147479-1474a0 CertFindCertificateInStore 566->570 579 1475ee-1475f5 567->579 580 1476c8-1476d1 567->580 573 147630-147642 call 142100 568->573 574 1474f0-14750c call 141cd9 568->574 575 147527-14753a call 141fb6 569->575 576 147548-14755b call 141fb6 569->576 577 1474a2-1474a9 570->577 578 1474ae-1474bc CertAddCertificateContextToStore 570->578 607 147644-14764b 573->607 608 147650-147655 573->608 609 147512-147519 574->609 610 1475bb-1475c9 CertAddCRLContextToStore 574->610 613 14753c-147543 575->613 614 147569-14756e 575->614 576->614 616 14755d-147564 576->616 588 147818-14781b 577->588 589 1474be-1474c5 578->589 590 1474ca-1474d3 CertFreeCertificateContext 578->590 591 147710-147722 call 1421ed 579->591 592 1475fb-147622 CertFindCTLInStore 579->592 583 1476d7-1476f3 CertSaveStore 580->583 584 147782-147789 580->584 581->563 594 147815 583->594 595 1476f9-14770b call 148f8e 583->595 597 1477bb-1477bd 584->597 598 14778b-14779a CertEnumCertificatesInStore 584->598 599 147842-147845 588->599 600 14781d-147826 CertFreeCertificateContext 588->600 589->588 590->565 632 147724-14772b 591->632 633 147730-147735 591->633 604 147624-14762b 592->604 605 1476a2-1476b0 CertAddCRLContextToStore 592->605 594->588 624 14786c-147877 595->624 615 1477bf-1477c6 597->615 611 1477b3-1477b9 598->611 612 14779c-1477ae call 148f8e 598->612 622 147847-14784a CertFreeCertificateContext 599->622 623 147850-147853 599->623 620 147829-14782b 600->620 606 147837-147839 604->606 617 1476b2-1476b9 605->617 618 1476be-1476c5 CertFreeCRLContext 605->618 606->599 634 14783b-14783c CertFreeCRLContext 606->634 607->624 608->607 625 147657-14765a 608->625 609->620 635 1475d7-1475de CertFreeCRLContext 610->635 636 1475cb-1475d2 610->636 611->615 612->599 613->624 614->613 629 147570-147573 614->629 627 1477e4-1477eb 615->627 628 1477c8-1477dc CertGetCRLFromStore 615->628 616->624 617->606 618->580 620->599 631 14782d-147834 CertFreeCRLContext 620->631 622->623 637 147855-147858 CertFreeCRLContext 623->637 638 14785e-147861 623->638 640 14789c-1478a1 624->640 641 147879-14787f 624->641 642 147680 625->642 643 14765c-147661 625->643 646 147804-147806 627->646 647 1477ed-1477fc CertEnumCTLsInStore 627->647 628->612 645 1477de-1477e1 628->645 648 147575-14757a 629->648 649 147599 629->649 631->606 632->624 633->632 650 147737-14773a 633->650 634->599 635->567 636->620 637->638 638->624 639 147863-147866 CertFreeCRLContext 638->639 639->624 653 1478c6-1478cb 640->653 654 1478a3-1478a9 640->654 651 147881-147896 CertFreeCertificateContext 641->651 652 147898-14789b free 641->652 642->567 656 147686-147696 call 146b9f 642->656 655 147663-14766e CertAddCRLContextToStore 643->655 645->627 658 14780c call 149192 646->658 647->612 657 1477fe-147801 647->657 659 14757c-147587 CertAddCertificateContextToStore 648->659 649->565 660 14759f-1475af call 1466c9 649->660 661 147760 650->661 662 14773c-147741 650->662 651->651 651->652 652->640 667 1478f0-1478fe CertCloseStore 653->667 668 1478cd-1478d3 653->668 664 1478c2-1478c5 free 654->664 665 1478ab-1478c0 CertFreeCRLContext 654->665 655->567 666 147674-14767b 655->666 656->666 681 147698-1476a0 656->681 657->646 670 147811-147813 658->670 659->565 671 14758d-147594 659->671 660->671 682 1475b1-1475b9 660->682 661->580 663 147766-147776 call 146c6b 661->663 673 147743-14774e CertAddCRLContextToStore 662->673 679 147754-14775b 663->679 683 147778-147780 663->683 664->653 665->664 665->665 666->624 667->564 667->581 675 1478d5-1478ea CertFreeCRLContext 668->675 676 1478ec-1478ef free 668->676 670->594 670->612 671->624 673->580 673->679 675->675 675->676 676->667 679->624 681->655 682->659 683->673
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 00147446
                                    • CertFindCertificateInStore.CRYPT32(?,00000000,00010000,?,00000000), ref: 00147495
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00147820
                                    • CertFreeCRLContext.CRYPT32(?), ref: 0014782E
                                    • CertFreeCRLContext.CRYPT32(?), ref: 0014783C
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 0014784A
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00147858
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00147866
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00147887
                                    • free.MSVCRT(?,00000000), ref: 00147899
                                    • CertFreeCRLContext.CRYPT32(?), ref: 001478B1
                                    • free.MSVCRT(?,00000000), ref: 001478C3
                                    • CertFreeCRLContext.CRYPT32(?), ref: 001478DB
                                    • free.MSVCRT(?,00000000), ref: 001478ED
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextFree$Certificate$free$Store$FindLoadOpenStringvwprintf
                                    • String ID:
                                    • API String ID: 22078982-0
                                    • Opcode ID: 1c7dcd1aed8f0cdcad62b4ed40a97ab09a7a55b98075cafcf2d55415f3a4e235
                                    • Instruction ID: e1f359d2c768401bf20776714bbe34db0ce84e3b7ec5dde6078ef5cefd1bfbae
                                    • Opcode Fuzzy Hash: 1c7dcd1aed8f0cdcad62b4ed40a97ab09a7a55b98075cafcf2d55415f3a4e235
                                    • Instruction Fuzzy Hash: 41F15774D08209EFDB219F95ED889AEBBBAFF45341F25451AF401A72B0D7319E80DB60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00147934, Relevance: 37.9, APIs: 25, Instructions: 411encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertOpenStore.CRYPT32(00000002,00000000,00000000,00000000), ref: 001479AA
                                    • CertFindCertificateInStore.CRYPT32(?,00000000,00010000,?,00000000), ref: 00147A3F
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00147D8A
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00147D98
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00147DA6
                                      • Part of subcall function 00141EB2: CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00141EFC
                                      • Part of subcall function 00141EB2: CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00141F30
                                      • Part of subcall function 00141EB2: CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00141F6D
                                      • Part of subcall function 00141EB2: CertFreeCertificateContext.CRYPT32(?), ref: 00141F85
                                      • Part of subcall function 00141EB2: CertFreeCRLContext.CRYPT32(?), ref: 00141F93
                                      • Part of subcall function 00141EB2: CertFreeCRLContext.CRYPT32(00000004), ref: 00141FA4
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00147DC7
                                    • free.MSVCRT(?), ref: 00147DD9
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00147DF1
                                    • free.MSVCRT(?), ref: 00147E03
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00147E1B
                                    • free.MSVCRT(?), ref: 00147E2D
                                    • CertCloseStore.CRYPT32(?,00000000), ref: 00147E3F
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextFree$Store$Certificate$free$Enum$CertificatesCloseFindFromOpen
                                    • String ID:
                                    • API String ID: 3594960610-0
                                    • Opcode ID: 901abc815070146d514d760ec064aa9e69b50c9b2c010d8d544801fed9c9eee3
                                    • Instruction ID: ac38e6317d451cd194f5dc00d0d703c5ee246e3cb3da4e7c94b2f13e28779e19
                                    • Opcode Fuzzy Hash: 901abc815070146d514d760ec064aa9e69b50c9b2c010d8d544801fed9c9eee3
                                    • Instruction Fuzzy Hash: 8FF16474D08209EBCB22DFD4DD849AEBBB9FF45311F25416AE901A31B0E3355E80DB50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00144254, Relevance: 31.7, APIs: 10, Strings: 8, Instructions: 201encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 43%
                                    			E00144254(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				intOrPtr* _v8;
				intOrPtr* _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr* _v24;
				intOrPtr* _t58;
				intOrPtr* _t68;
				intOrPtr _t79;
				intOrPtr _t81;
				intOrPtr _t83;
				void* _t86;
				intOrPtr _t88;
				int _t92;
				intOrPtr _t94;
				char* _t95;
				unsigned int _t97;
				intOrPtr* _t98;
				intOrPtr* _t99;
				intOrPtr* _t101;
				intOrPtr _t103;
				void* _t112;
				intOrPtr* _t113;
				void* _t114;

				_t94 = 0;
				_t58 = E001482C8(__ecx, 7, _a4, _a8, 0);
				_v24 = _t58;
				if(_t58 != 0) {
					_t101 =  *((intOrPtr*)(_t58 + 4));
					_a4 = 0;
					_v12 = _t101;
					if( *_t58 <= 0) {
						L30:
						_t112 = 1;
						E00148F35(_t58, _t58);
						goto L31;
					} else {
						do {
							_t113 =  *((intOrPtr*)(_t101 + 4));
							_a8 = _t94;
							if( *_t101 <= _t94) {
								goto L28;
							}
							_v16 = _a12 & 0x00010000;
							do {
								_t95 =  *_t113;
								if(_t95 == 0) {
									_t95 = "<NULL>";
								}
								if(_v16 != 0) {
									L25:
									_push(E00143272(0, _t95, 0));
									_push(_t95);
									_push(_a8);
									_push(_a4);
									printf("  [%d,%d] %s (%S) ");
									E00148F8E( *0x14a7f8, 0x1baa,  *((intOrPtr*)(_t113 + 4)));
									_t114 = _t114 + 0x20;
									E001428A5(L"    ",  *((intOrPtr*)(_t113 + 0xc)),  *(_t113 + 8));
								} else {
									_t103 =  *((intOrPtr*)(_t113 + 4));
									if(_t103 == 1 || _t103 == 2) {
										goto L25;
									} else {
										if(_t103 != 0xb) {
											_push( *((intOrPtr*)(_t113 + 0xc)));
											_push(0);
											_push(_t95);
											if(_t103 != 0xc) {
												E00143272(0);
												_push(_a8);
												_push(_a4);
												_push("  [%d,%d] %s (%S) %s\n");
											} else {
												E00143272(0);
												_push(_a8);
												_push(_a4);
												_push("  [%d,%d] %s (%S) %S\n");
											}
											printf();
											_t114 = _t114 + 0x18;
											goto L26;
										}
										_push(E00143272(0, _t95, 0));
										_push(_t95);
										_push(_a8);
										_push(_a4);
										printf("  [%d,%d] %s (%S)");
										_t114 = _t114 + 0x14;
										_t97 =  *(_t113 + 8) >> 2;
										_v8 =  *((intOrPtr*)(_t113 + 0xc));
										while(_t97 > 0) {
											_push( *_v8);
											printf(" 0x%08X");
											_t97 = _t97 - 1;
											_v8 = _v8 + 4;
										}
										printf("\n");
										_t98 = __imp__CertRDNValueToStrA;
										_t79 =  *_t98( *((intOrPtr*)(_t113 + 4)), _t113 + 8, 0, 0);
										_v20 = _t79;
										if(_t79 > 1) {
											_t88 = E00149241(_t79, 0, 0);
											_v8 = _t88;
											if(_t88 != 0) {
												 *_t98(_t113 + 8, _t88, _v20);
												E00148F8E( *0x14a7f8, 0x1bab,  *((intOrPtr*)(_t113 + 4)));
												_push(_v8);
												_t92 = printf("%s\n");
												_t114 = _t114 + 0x10;
												E00148F35(_t92, _v8);
											}
										}
										_t99 = __imp__CertRDNValueToStrW;
										_t81 =  *_t99( *((intOrPtr*)(_t113 + 4)), _t113 + 8, 0, 0);
										_v20 = _t81;
										if(_t81 > 1) {
											_t83 = E00149241(_t81 + _t81, 0, 0);
											_v8 = _t83;
											if(_t83 != 0) {
												 *_t99( *((intOrPtr*)(_t113 + 4)), _t113 + 8, _t83, _v20);
												_t86 = E00148F8E( *0x14a7f8, 0x1bac, _v8);
												_t114 = _t114 + 0xc;
												E00148F35(_t86, _v8);
											}
										}
										goto L26;
									}
								}
								L26:
								_a8 = _a8 + 1;
								_t68 = _v12;
								_t113 = _t113 + 0x10;
							} while (_a8 <  *_t68);
							_t101 = _t68;
							_t58 = _v24;
							_t94 = 0;
							L28:
							_a4 = _a4 + 1;
							_t101 = _t101 + 8;
							_v12 = _t101;
						} while (_a4 <  *_t58);
						goto L30;
					}
				} else {
					_t112 = 0;
					L31:
					return _t112;
				}
			}


























                                    0x0014425e
                                    0x00144269
                                    0x0014426e
                                    0x00144273
                                    0x0014427c
                                    0x0014427f
                                    0x00144282
                                    0x00144287
                                    0x0014448b
                                    0x0014448e
                                    0x0014448f
                                    0x00000000
                                    0x0014428d
                                    0x00144294
                                    0x00144294
                                    0x00144297
                                    0x0014429c
                                    0x00000000
                                    0x00000000
                                    0x001442aa
                                    0x001442ad
                                    0x001442ad
                                    0x001442b3
                                    0x001442b5
                                    0x001442b5
                                    0x001442bd
                                    0x0014441f
                                    0x00144426
                                    0x00144427
                                    0x00144428
                                    0x0014442b
                                    0x00144433
                                    0x00144443
                                    0x00144448
                                    0x00144456
                                    0x001442c3
                                    0x001442c3
                                    0x001442c9
                                    0x00000000
                                    0x001442d8
                                    0x001442db
                                    0x001443e8
                                    0x001443eb
                                    0x001443ec
                                    0x001443f0
                                    0x00144406
                                    0x0014440d
                                    0x00144410
                                    0x00144413
                                    0x001443f2
                                    0x001443f2
                                    0x001443f9
                                    0x001443fc
                                    0x001443ff
                                    0x001443ff
                                    0x00144418
                                    0x0014441a
                                    0x00000000
                                    0x0014441a
                                    0x001442e8
                                    0x001442e9
                                    0x001442ea
                                    0x001442ed
                                    0x001442f5
                                    0x001442fd
                                    0x00144300
                                    0x00144303
                                    0x0014431b
                                    0x0014430b
                                    0x00144312
                                    0x00144315
                                    0x00144316
                                    0x0014431a
                                    0x00144324
                                    0x00144326
                                    0x00144338
                                    0x0014433a
                                    0x00144340
                                    0x00144347
                                    0x0014434c
                                    0x00144351
                                    0x0014435e
                                    0x0014436b
                                    0x00144370
                                    0x00144378
                                    0x0014437a
                                    0x00144380
                                    0x00144380
                                    0x00144351
                                    0x00144385
                                    0x00144396
                                    0x00144398
                                    0x0014439e
                                    0x001443ab
                                    0x001443b0
                                    0x001443b5
                                    0x001443c6
                                    0x001443d6
                                    0x001443db
                                    0x001443e1
                                    0x001443e1
                                    0x001443b5
                                    0x00000000
                                    0x0014439e
                                    0x001442c9
                                    0x0014445b
                                    0x0014445b
                                    0x0014445e
                                    0x00144464
                                    0x00144467
                                    0x0014446f
                                    0x00144471
                                    0x00144474
                                    0x00144476
                                    0x00144476
                                    0x0014447c
                                    0x0014447f
                                    0x00144482
                                    0x00000000
                                    0x0014448a
                                    0x00144275
                                    0x00144275
                                    0x00144494
                                    0x00144499
                                    0x00144499

                                    APIs
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 001482FF
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0014832B
                                    • printf.MSVCRT ref: 001442F5
                                    • printf.MSVCRT ref: 00144324
                                    • CertRDNValueToStrA.CRYPT32(?,?,00000000,00000000), ref: 00144338
                                    • CertRDNValueToStrA.CRYPT32(?,?,00000000,?), ref: 0014435E
                                    • printf.MSVCRT ref: 00144378
                                    • CertRDNValueToStrW.CRYPT32(?,?,00000000,00000000), ref: 00144396
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertValueprintf$CryptDecodeObject
                                    • String ID: $ [%d,%d] %s (%S)$ [%d,%d] %s (%S) $ [%d,%d] %s (%S) %S$ [%d,%d] %s (%S) %s$ 0x%08X$%s$<NULL>
                                    • API String ID: 4228225058-790891399
                                    • Opcode ID: ec6f29d31546ea9acc647b088271e7ae836a021a861b62312d6b0e7f31d17ae9
                                    • Instruction ID: 3e3834070cd09de377f1117a42040c354a663e642bf91ea4b8ce3d57f56b7c98
                                    • Opcode Fuzzy Hash: ec6f29d31546ea9acc647b088271e7ae836a021a861b62312d6b0e7f31d17ae9
                                    • Instruction Fuzzy Hash: 60617C75A00209FFDB11AFA0CC81FAE7BBAFF08750F148429FA15A6171D7719E909B61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00146795, Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 184encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • printf.MSVCRT ref: 001467FC
                                    • printf.MSVCRT ref: 0014685D
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,?,00000014), ref: 001468D4
                                    • CertGetCRLContextProperty.CRYPT32(?,00000004,?,00000014), ref: 001468F9
                                    • printf.MSVCRT ref: 0014694C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CertContextProperty$LoadStringvwprintf
                                    • String ID: $ [%d] %s$%s $<NULL>$MD5$SHA1
                                    • API String ID: 1489666178-2308969636
                                    • Opcode ID: 85169098e5ae6255a770a81335472d88cb0c64550d5f2b8ace2d53bbd2ad4927
                                    • Instruction ID: dce568ed723b2ecf37ab36e62a6faa9abd445f52988ac8114a258cfd2846c258
                                    • Opcode Fuzzy Hash: 85169098e5ae6255a770a81335472d88cb0c64550d5f2b8ace2d53bbd2ad4927
                                    • Instruction Fuzzy Hash: 5B51CB32944205FFDB20AFA0DC02E9E77BAFF19729F050019F501660B1EB76A9D5CB12
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00141EB2, Relevance: 18.1, APIs: 12, Instructions: 93encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertDuplicateCertificateContext.CRYPT32(?), ref: 00141EE3
                                    • CertDeleteCRLFromStore.CRYPT32(00000000), ref: 00141EEA
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00141EFC
                                    • CertDuplicateCRLContext.CRYPT32(?), ref: 00141F17
                                    • CertDeleteCRLFromStore.CRYPT32(00000000), ref: 00141F22
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00141F30
                                    • CertDuplicateCRLContext.CRYPT32(00000004), ref: 00141F4F
                                    • CertDeleteCRLFromStore.CRYPT32(00000000), ref: 00141F5A
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00141F6D
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00141F85
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00141F93
                                    • CertFreeCRLContext.CRYPT32(00000004), ref: 00141FA4
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextStore$From$DeleteDuplicateFree$CertificateEnum$Certificates
                                    • String ID:
                                    • API String ID: 3778652152-0
                                    • Opcode ID: 21820cfd6b18594f196e4244fdb0975c6badafcd8c28fb2474edc63ce28656b8
                                    • Instruction ID: 6f0f18395bb9ce3bb7a7c5d12bd304dd8217e7c5c5c1aca05d72799025f394be
                                    • Opcode Fuzzy Hash: 21820cfd6b18594f196e4244fdb0975c6badafcd8c28fb2474edc63ce28656b8
                                    • Instruction Fuzzy Hash: 42312779D00249BBCB129FA5DC48AAEBBB9BB85341F248466F511E3030D7758AC9DF60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001428A5, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 85COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 93%
                                    			E001428A5(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t15;
				int _t18;
				signed char _t20;
				intOrPtr _t30;
				void* _t42;
				void* _t43;
				void* _t44;
				intOrPtr _t46;

				if(_a12 == 0) {
					return E00148F8E( *0x14a7f8, 0x1b8e, _a4);
				}
				if(__eflags > 0) {
					do {
						_push(_a4);
						wprintf(L"%s");
						_t30 = 0x10;
						__eflags = _a12 - _t30;
						if(_a12 <= _t30) {
							_t30 = _a12;
						}
						_a12 = _a12 - _t30;
						_t42 = 0;
						__eflags = _t30;
						if(_t30 <= 0) {
							L8:
							_t43 = 0x10;
							__eflags = _t30 - _t43;
							if(_t30 >= _t43) {
								L11:
								wprintf(L"    \'");
								_t44 = 0;
								__eflags = _t30;
								if(_t30 <= 0) {
									goto L17;
								} else {
									goto L12;
								}
								do {
									L12:
									_t20 =  *((intOrPtr*)(_t44 + _a8));
									__eflags = _t20 - 0x20;
									if(_t20 < 0x20) {
										L15:
										wprintf(".");
										goto L16;
									}
									__eflags = _t20 - 0x7f;
									if(_t20 > 0x7f) {
										goto L15;
									}
									_push(_t20 & 0x000000ff);
									wprintf(L"%c");
									L16:
									_t44 = _t44 + 1;
									__eflags = _t44 - _t30;
								} while (_t44 < _t30);
								goto L17;
							}
							_t46 = _t43 - _t30;
							__eflags = _t46;
							do {
								wprintf(L"   ");
								_t46 = _t46 - 1;
								__eflags = _t46;
							} while (_t46 != 0);
							goto L11;
						} else {
							do {
								_push( *(_t42 + _a8) & 0x000000ff);
								wprintf(L" %02X");
								_t42 = _t42 + 1;
								__eflags = _t42 - _t30;
							} while (_t42 < _t30);
							goto L8;
						}
						L17:
						_a8 = _a8 + _t30;
						_t18 = wprintf(L"\'\n");
						__eflags = _a12;
					} while (_a12 > 0);
					return _t18;
				}
				return _t15;
			}











                                    0x001428ae
                                    0x00000000
                                    0x001428c3
                                    0x001428cb
                                    0x001428da
                                    0x001428da
                                    0x001428e2
                                    0x001428e8
                                    0x001428e9
                                    0x001428ec
                                    0x001428ee
                                    0x001428ee
                                    0x001428f1
                                    0x001428f4
                                    0x001428f6
                                    0x001428f8
                                    0x00142910
                                    0x00142912
                                    0x00142913
                                    0x00142915
                                    0x00142924
                                    0x00142929
                                    0x0014292b
                                    0x0014292e
                                    0x00142930
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00142932
                                    0x00142932
                                    0x00142935
                                    0x00142938
                                    0x0014293a
                                    0x0014294e
                                    0x00142953
                                    0x00000000
                                    0x00142953
                                    0x0014293c
                                    0x0014293e
                                    0x00000000
                                    0x00000000
                                    0x00142943
                                    0x00142949
                                    0x00142955
                                    0x00142955
                                    0x00142957
                                    0x00142957
                                    0x00000000
                                    0x00142932
                                    0x00142917
                                    0x00142917
                                    0x00142919
                                    0x0014291e
                                    0x00142920
                                    0x00142920
                                    0x00142921
                                    0x00000000
                                    0x001428fa
                                    0x001428fa
                                    0x00142901
                                    0x00142907
                                    0x00142909
                                    0x0014290c
                                    0x0014290c
                                    0x00000000
                                    0x001428fa
                                    0x0014295b
                                    0x0014295b
                                    0x00142963
                                    0x00142965
                                    0x00142969
                                    0x00000000
                                    0x00142972
                                    0x00142974

                                    APIs
                                    • wprintf.MSVCRT ref: 001428E2
                                    • wprintf.MSVCRT ref: 00142907
                                    • wprintf.MSVCRT ref: 0014291E
                                    • wprintf.MSVCRT ref: 00142929
                                    • wprintf.MSVCRT ref: 00142949
                                    • wprintf.MSVCRT ref: 00142963
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: wprintf$LoadStringvwprintf
                                    • String ID: $ '$ %02X
                                    • API String ID: 2851814717-3839679036
                                    • Opcode ID: b258d46c031cf1fa177fe490a7dd8bedd7775b7f4894106bff516852f64474e8
                                    • Instruction ID: 31681bea6c690eac04c2eb0598633e19124babb5b42d3b39459db7465d4135ac
                                    • Opcode Fuzzy Hash: b258d46c031cf1fa177fe490a7dd8bedd7775b7f4894106bff516852f64474e8
                                    • Instruction Fuzzy Hash: 3A210237B4432ABAE7241FA5EC81ABD7755FB81735F90003BFA50464B0CBB149D18AA4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001469E9, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 138encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 20%
                                    			E001469E9(void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
				signed int _v8;
				char _v28;
				char _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t42;
				char _t83;
				void* _t86;
				void* _t95;
				void* _t96;
				char* _t97;
				intOrPtr _t98;
				signed int _t99;

				_t95 = __edx;
				_t42 =  *0x14a078; // 0xa17bec03
				_v8 = _t42 ^ _t99;
				_t98 = _a4;
				_t83 = 0x14;
				_push(0x1b5d);
				_push( *0x14a7f8);
				_v32 = _t83;
				E00148F8E();
				_pop(_t86);
				E00144254(_t86, _t96,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x14)),  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x10)), _a8);
				E00148F8E( *0x14a7f8, 0x1b7d, E00143E22(_t95, _t96,  *((intOrPtr*)(_t98 + 0xc)) + 0x18));
				E00148F8E( *0x14a7f8, 0x1b7e, E00143E22(_t95, _t96,  *((intOrPtr*)(_t98 + 0xc)) + 0x20));
				_t97 = __imp__CertGetCRLContextProperty;
				 *_t97(_t98, 3,  &_v28,  &_v32);
				E0014297C("SHA1",  &_v28, _v32);
				_v32 = _t83;
				 *_t97(_t98, 4,  &_v28,  &_v32);
				E0014297C("MD5",  &_v28, _v32);
				if((_a8 & 0x00010000) != 0) {
					E00148F8E( *0x14a7f8, 0x1b68,  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)))));
					_t97 =  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 4));
					if(_t97 == 0) {
						_t97 = "<NULL>";
					}
					_push(0x1b69);
					_push( *0x14a7f8);
					E00148F8E();
					_push(_t97);
					printf("%s \n");
					if( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 8)) != 0) {
						_push(0x1b6a);
						_push( *0x14a7f8);
						E00148F8E();
						E001428A5(L"    ",  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0xc)),  *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 8)));
					}
					_t78 =  *((intOrPtr*)(_t98 + 0xc));
					if( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x30)) != 0) {
						E001457BD( *((intOrPtr*)(_t78 + 0x30)),  *((intOrPtr*)(_t78 + 0x34)), _a8);
					}
				}
				if( *((intOrPtr*)( *((intOrPtr*)(_t98 + 0xc)) + 0x28)) != 0) {
					_push(0x1b83);
					_push( *0x14a7f8);
					E00148F8E();
					E00146391(_t95,  *((intOrPtr*)(_t98 + 0x28)),  *((intOrPtr*)(_t98 + 0x2c)), _a8);
				} else {
					_push(0x1b82);
					_push( *0x14a7f8);
					E00148F8E();
				}
				return E001486C7(1, 0, _v8 ^ _t99, _t95, _t97, _t98);
			}

















                                    0x001469e9
                                    0x001469f1
                                    0x001469f8
                                    0x001469fd
                                    0x00146a03
                                    0x00146a04
                                    0x00146a09
                                    0x00146a0f
                                    0x00146a12
                                    0x00146a1b
                                    0x00146a25
                                    0x00146a42
                                    0x00146a62
                                    0x00146a67
                                    0x00146a7b
                                    0x00146a89
                                    0x00146a99
                                    0x00146a9c
                                    0x00146aaa
                                    0x00146ab8
                                    0x00146ace
                                    0x00146ad6
                                    0x00146ade
                                    0x00146ae0
                                    0x00146ae0
                                    0x00146ae5
                                    0x00146aea
                                    0x00146af0
                                    0x00146af5
                                    0x00146afb
                                    0x00146b0a
                                    0x00146b0c
                                    0x00146b11
                                    0x00146b17
                                    0x00146b2c
                                    0x00146b2c
                                    0x00146b31
                                    0x00146b37
                                    0x00146b42
                                    0x00146b42
                                    0x00146b37
                                    0x00146b4d
                                    0x00146b63
                                    0x00146b68
                                    0x00146b6e
                                    0x00146b81
                                    0x00146b4f
                                    0x00146b4f
                                    0x00146b54
                                    0x00146b5a
                                    0x00146b60
                                    0x00146b97

                                    APIs
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                      • Part of subcall function 00143E22: LoadStringW.USER32(00001C0C,0014A870,00000064), ref: 00143E62
                                      • Part of subcall function 00143E22: LoadStringW.USER32(00001B9D,?,00000032), ref: 00143E8A
                                      • Part of subcall function 00143E22: LoadStringW.USER32(00001B9E,?,00000032), ref: 00143EA5
                                      • Part of subcall function 00143E22: FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00143EB7
                                      • Part of subcall function 00143E22: FileTimeToSystemTime.KERNEL32(?,?), ref: 00143ECB
                                      • Part of subcall function 00143E22: _wasctime.MSVCRT ref: 00143F4D
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,?,?), ref: 00146A7B
                                      • Part of subcall function 0014297C: printf.MSVCRT ref: 001429B0
                                      • Part of subcall function 0014297C: printf.MSVCRT ref: 001429F0
                                    • CertGetCRLContextProperty.CRYPT32(?,00000004,?,?), ref: 00146A9C
                                      • Part of subcall function 0014297C: printf.MSVCRT ref: 001429E3
                                    • printf.MSVCRT ref: 00146AFB
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadStringTimeprintf$File$CertContextProperty$LocalSystem_wasctimevwprintf
                                    • String ID: $%s $<NULL>$MD5$SHA1
                                    • API String ID: 1904437375-3298317204
                                    • Opcode ID: fae5b1b251324aeb5dddf3d52484f214f0d07e3363322393cf29f4e62be7e80a
                                    • Instruction ID: 50e0c0ad8a80641f4725bdd28d776c146498b9c4ea71d2a1ac0f6855c8c8657b
                                    • Opcode Fuzzy Hash: fae5b1b251324aeb5dddf3d52484f214f0d07e3363322393cf29f4e62be7e80a
                                    • Instruction Fuzzy Hash: 9C41D436A40205FFDB21AF94DC42C9E77BAFF14320B468025F614AB172DB76E995CB41
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00146D37, Relevance: 13.7, APIs: 9, Instructions: 154encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCertificatesInStore.CRYPT32(?,?), ref: 00146DAD
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00146D65
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                      • Part of subcall function 00145CD6: printf.MSVCRT ref: 00145D61
                                      • Part of subcall function 00145CD6: CertGetCertificateContextProperty.CRYPT32(?,00000003,?,?), ref: 00145D79
                                      • Part of subcall function 00145CD6: CertGetCertificateContextProperty.CRYPT32(?,00000004,?,?), ref: 00145D9A
                                      • Part of subcall function 00145CD6: CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,00000000), ref: 00145DB8
                                      • Part of subcall function 00145CD6: CryptHashPublicKeyInfo.CRYPT32(00000000,00008003,00000000,?,?,?), ref: 00145DE6
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00146DE1
                                    • CertEnumCTLsInStore.CRYPT32(?,?), ref: 00146E29
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00146E62
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,?,?), ref: 00146EAF
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 00146ED6
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00146EE4
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00146EF5
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$ContextStore$Enum$CertificateFree$CertificatesCryptFromProperty$AcquireHashInfoLoadPublicStringprintfvwprintf
                                    • String ID:
                                    • API String ID: 2852249584-0
                                    • Opcode ID: 4bfeba0ba6077b71ae2a36cbca41ba626367523541e713e3eb55e922421a1740
                                    • Instruction ID: a22199b655c055d9163c077d56cf05f218f9c714f494f4bd999b345b963e717e
                                    • Opcode Fuzzy Hash: 4bfeba0ba6077b71ae2a36cbca41ba626367523541e713e3eb55e922421a1740
                                    • Instruction Fuzzy Hash: 5551B379D44219FEEF12ABA0DC4189E7FF6FF52709B25402AF100A6070DB720ED59B42
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00141FB6, Relevance: 13.6, APIs: 9, Instructions: 115encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • realloc.MSVCRT ref: 00142007
                                    • CertDuplicateCertificateContext.CRYPT32(?), ref: 0014201C
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 0014203A
                                    • realloc.MSVCRT ref: 00142055
                                    • CertDuplicateCertificateContext.CRYPT32(?), ref: 00142066
                                    • CertFindCertificateInStore.CRYPT32(?,00000000,00080007,?,00000000), ref: 0014208F
                                    • CertFreeCertificateContext.CRYPT32(?), ref: 001420B4
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 001420D5
                                    • free.MSVCRT(?), ref: 001420E3
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Certificate$Context$DuplicateFreeStorerealloc$CertificatesEnumFindfree
                                    • String ID:
                                    • API String ID: 3052196173-0
                                    • Opcode ID: a670e8623ac5347c920ff64112bc2ddaa786de8d4b4998ad76e4990776c29f5a
                                    • Instruction ID: c3d18cf5b8dba78483d11585d48013c07d690da38274956e4455e7bad1fe25fe
                                    • Opcode Fuzzy Hash: a670e8623ac5347c920ff64112bc2ddaa786de8d4b4998ad76e4990776c29f5a
                                    • Instruction Fuzzy Hash: 3041357550024AEFCB219F94D8848A9BBF1FB49351B61486DF99193230C7729DD0EF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0014560E, Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 140COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 21%
                                    			E0014560E(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8, signed int _a12) {
				char* _v8;
				char _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* __edi;
				intOrPtr _t42;
				char* _t43;
				void* _t57;
				intOrPtr* _t65;
				intOrPtr _t67;
				void* _t72;
				void* _t74;
				void* _t77;
				char _t78;
				intOrPtr* _t83;
				void* _t90;
				void* _t93;

				_t77 = __edx;
				_t78 = 0;
				_v16 = 0;
				_v12 = 0;
				if(_a4 <= 0) {
					L26:
					return _t42;
				} else {
					goto L3;
					L6:
					_v20 = _t78;
					if(_t93 <= 0) {
						L23:
						_v12 = _v12 + 1;
						_t42 = _v12;
						_a8 = _t83 + 0xc;
						if(_t42 < _a4) {
							_t78 = 0;
							L3:
							_t83 = _a8;
							_t43 =  *_t83;
							_t67 =  *((intOrPtr*)(_t83 + 4));
							_t65 =  *((intOrPtr*)(_t83 + 8));
							_v24 = _t67;
							_v8 = _t43;
							if(_t43 == _t78) {
								_v8 = "<NULL>";
							}
							_t93 = _t67 - _t78;
							if(_t93 == 0) {
								goto L20;
							} else {
								goto L6;
							}
						}
						if(_v16 == 0) {
							goto L26;
						}
						return E00148F35(_t42, _v16);
					} else {
						goto L7;
					}
					do {
						L7:
						_push(_v8);
						_push(_v20);
						_push(_v12);
						printf("  [%d,%d] %s\n");
						_t49 =  *_t65;
						_t90 = _t90 + 0x10;
						if( *_t65 == 0) {
							_push(0x1b90);
							_push( *0x14a7f8);
							E00148F8E();
						} else {
							if((_a12 & 0x00010000) != 0) {
								E001428A5(L"    ",  *((intOrPtr*)(_t65 + 4)), _t49);
							}
							_push(0x15);
							asm("repe cmpsb");
							if(0 == 0) {
								_push(0x1b8f);
								_push( *0x14a7f8);
								E00148F8E();
								E001455AE( *((intOrPtr*)(_t65 + 4)),  *_t65, _a12);
							}
							_push(0x15);
							asm("repe cmpsb");
							if(0 == 0) {
								_push(0x1c13);
								_push( *0x14a7f8);
								E00148F8E();
								_pop(_t74);
								E00144F00(_t74, "1.2.840.113549.1.9.6",  *((intOrPtr*)(_t65 + 4)),  *_t65, _a12);
							}
							_t72 = 0x15;
							asm("repe cmpsb");
							if(0 == 0) {
								_t89 = E001482C8(_t72, 0x11,  *((intOrPtr*)(_t65 + 4)),  *_t65, 0);
								if(_t55 != 0) {
									_t57 = E00148F8E( *0x14a7f8, 0x1c14, E00143E22(_t77, "1.2.840.113549.1.9.5", _t89));
									_t90 = _t90 + 0xc;
									E00148F35(_t57, _t89);
								}
							}
						}
						_v20 = _v20 + 1;
						_t65 = _t65 + 8;
					} while (_v20 < _v24);
					_t83 = _a8;
					goto L23;
					L20:
					if(E00148241(_v8,  &_v16) != 0) {
						_v16 = _t78;
					} else {
						_push(_v16);
						E00148F8E( *0x14a7f8, 0x1b91, _v12);
						_t90 = _t90 + 0x10;
					}
					goto L23;
				}
			}





















                                    0x0014560e
                                    0x00145617
                                    0x00145619
                                    0x0014561c
                                    0x00145622
                                    0x001457b5
                                    0x001457b5
                                    0x00145628
                                    0x0014562a
                                    0x00145652
                                    0x00145652
                                    0x00145655
                                    0x0014578e
                                    0x0014578e
                                    0x00145791
                                    0x00145797
                                    0x0014579d
                                    0x0014562c
                                    0x0014562e
                                    0x0014562e
                                    0x00145631
                                    0x00145633
                                    0x00145636
                                    0x00145639
                                    0x0014563c
                                    0x00145641
                                    0x00145643
                                    0x00145643
                                    0x0014564a
                                    0x0014564c
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0014564c
                                    0x001457a9
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x0014565b
                                    0x0014565b
                                    0x0014565e
                                    0x0014565f
                                    0x00145662
                                    0x0014566a
                                    0x00145670
                                    0x00145672
                                    0x00145677
                                    0x00145737
                                    0x0014573c
                                    0x00145742
                                    0x0014567d
                                    0x00145684
                                    0x0014568f
                                    0x0014568f
                                    0x00145694
                                    0x0014569e
                                    0x001456a0
                                    0x001456a2
                                    0x001456a7
                                    0x001456ad
                                    0x001456bc
                                    0x001456bc
                                    0x001456c4
                                    0x001456ce
                                    0x001456d0
                                    0x001456d2
                                    0x001456d7
                                    0x001456dd
                                    0x001456e3
                                    0x001456ec
                                    0x001456ec
                                    0x001456fb
                                    0x001456fe
                                    0x00145700
                                    0x0014570f
                                    0x00145713
                                    0x00145727
                                    0x0014572c
                                    0x00145730
                                    0x00145730
                                    0x00145713
                                    0x00145700
                                    0x00145749
                                    0x0014574f
                                    0x00145752
                                    0x0014575b
                                    0x00000000
                                    0x00145760
                                    0x0014576e
                                    0x0014578b
                                    0x00145770
                                    0x00145770
                                    0x00145781
                                    0x00145786
                                    0x00145786
                                    0x00000000
                                    0x0014576e

                                    APIs
                                    • printf.MSVCRT ref: 0014566A
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadStringprintfvwprintf
                                    • String ID: $ [%d,%d] %s$1.2.840.113549.1.9.5$1.2.840.113549.1.9.6$1.3.6.1.4.1.311.10.2$<NULL>
                                    • API String ID: 3914510563-3034289211
                                    • Opcode ID: 0a597dd6bee1f41e341cfcb9528408380ce39d7671bde06dde7acc53397f1e1c
                                    • Instruction ID: af24168cf40cb0e931a387d3ced1b6bcfec7cb861849e292453d89d13be56f8d
                                    • Opcode Fuzzy Hash: 0a597dd6bee1f41e341cfcb9528408380ce39d7671bde06dde7acc53397f1e1c
                                    • Instruction Fuzzy Hash: 2E41FC36D40A08FFDF11AF80DD428AEBBBBFF44311F554065F9146A172DB319A90AB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00142C72, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 92COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 24%
                                    			E00142C72(intOrPtr _a4, signed int _a8, signed int _a12) {
				intOrPtr _v8;
				intOrPtr* _v12;
				void* __ecx;
				intOrPtr* _t29;
				intOrPtr _t39;
				void* _t42;
				void* _t52;
				intOrPtr* _t53;
				intOrPtr* _t56;
				intOrPtr _t58;
				intOrPtr* _t59;
				void* _t60;

				_push(_t42);
				_push(_t42);
				_t29 = E001482C8(_t42, 0x10, _a8, _a12, 0);
				_t56 = _t29;
				_v12 = _t56;
				if(_t56 != 0) {
					_t39 =  *_t56;
					_t53 =  *((intOrPtr*)(_t56 + 4));
					_v8 = _t39;
					_t30 = E00148F8E( *0x14a7f8, _a4, _t52);
					if(_t39 == 0) {
						_push(0x1bc1);
						_push( *0x14a7f8);
						_t30 = E00148F8E();
					}
					_a8 = _a8 & 0x00000000;
					if(_t39 > 0) {
						do {
							_push( *_t53);
							_t58 =  *((intOrPtr*)(_t53 + 4));
							_push(_a8);
							_a4 = _t58;
							printf("    [%d] %s");
							_t60 = _t60 + 0xc;
							if(_t58 != 0) {
								_push(0x1bda);
								_push( *0x14a7f8);
								E00148F8E();
							}
							_a12 = _a12 & 0x00000000;
							_t59 =  *((intOrPtr*)(_t53 + 8));
							if(_a4 > 0) {
								do {
									_push( *_t59);
									_push(_a12);
									printf("      [%d] %s");
									_t60 = _t60 + 0xc;
									if( *((intOrPtr*)(_t59 + 4)) == 0) {
										printf("\n");
									} else {
										_push(0x1bdb);
										_push( *0x14a7f8);
										E00148F8E();
										E001428A5(L"    ",  *((intOrPtr*)(_t59 + 8)),  *((intOrPtr*)(_t59 + 4)));
									}
									_a12 = _a12 + 1;
									_t59 = _t59 + 0xc;
								} while (_a12 < _a4);
							}
							_a8 = _a8 + 1;
							_t30 = _a8;
							_t53 = _t53 + 0xc;
						} while (_a8 < _v8);
						_t56 = _v12;
					}
					_t29 = E00148F35(_t30, _t56);
				}
				return _t29;
			}















                                    0x00142c77
                                    0x00142c78
                                    0x00142c84
                                    0x00142c89
                                    0x00142c8b
                                    0x00142c90
                                    0x00142c97
                                    0x00142c9d
                                    0x00142ca6
                                    0x00142ca9
                                    0x00142cb2
                                    0x00142cb4
                                    0x00142cb9
                                    0x00142cbf
                                    0x00142cc5
                                    0x00142cc6
                                    0x00142ccc
                                    0x00142cd8
                                    0x00142cd8
                                    0x00142cda
                                    0x00142cdd
                                    0x00142ce0
                                    0x00142ce8
                                    0x00142cea
                                    0x00142cef
                                    0x00142cf1
                                    0x00142cf6
                                    0x00142cfc
                                    0x00142d02
                                    0x00142d03
                                    0x00142d0b
                                    0x00142d0e
                                    0x00142d10
                                    0x00142d10
                                    0x00142d12
                                    0x00142d1a
                                    0x00142d1c
                                    0x00142d23
                                    0x00142d4e
                                    0x00142d25
                                    0x00142d25
                                    0x00142d2a
                                    0x00142d30
                                    0x00142d42
                                    0x00142d42
                                    0x00142d51
                                    0x00142d57
                                    0x00142d5a
                                    0x00142d10
                                    0x00142d5f
                                    0x00142d62
                                    0x00142d65
                                    0x00142d68
                                    0x00142d71
                                    0x00142d71
                                    0x00142d75
                                    0x00142d7b
                                    0x00142d7e

                                    APIs
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 001482FF
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0014832B
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • printf.MSVCRT ref: 00142CE8
                                    • printf.MSVCRT ref: 00142D1A
                                    • printf.MSVCRT ref: 00142D4E
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CryptDecodeObject$LoadStringvwprintf
                                    • String ID: $ [%d] %s$ [%d] %s
                                    • API String ID: 1559741091-2298187835
                                    • Opcode ID: a107d28fd54fbbebe1ef0fe181cad89a488f37245dd5a5e2d8335148f4a07430
                                    • Instruction ID: c72307b6e6bc18881c41a54e8febaf8c82b0ea86e12af7d1391f0fad0ff870c0
                                    • Opcode Fuzzy Hash: a107d28fd54fbbebe1ef0fe181cad89a488f37245dd5a5e2d8335148f4a07430
                                    • Instruction Fuzzy Hash: 0B318B36900205FBDB209F81DC42A9D7BB1FF04721F258519FD14271B1DB75A9D09B91
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001421ED, Relevance: 10.6, APIs: 7, Instructions: 88encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCTLsInStore.CRYPT32(?,00000000), ref: 00142223
                                    • realloc.MSVCRT ref: 0014223E
                                    • CertDuplicateCRLContext.CRYPT32(?), ref: 0014224F
                                    • CertEnumCTLsInStore.CRYPT32(?,?), ref: 0014226A
                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 0014228C
                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 001422AE
                                    • free.MSVCRT(?), ref: 001422BC
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Context$EnumFreeStore$Duplicatefreerealloc
                                    • String ID:
                                    • API String ID: 2405492650-0
                                    • Opcode ID: 54aaa16778689417cfe013da86cf95c1b57cc578b5cf7fd9fff922f339a334be
                                    • Instruction ID: 7dc6beed12d38e54f9723a61333fa0bbb8d9cb360bcb389afe61dfec27f5f545
                                    • Opcode Fuzzy Hash: 54aaa16778689417cfe013da86cf95c1b57cc578b5cf7fd9fff922f339a334be
                                    • Instruction Fuzzy Hash: 1A314375600208EFDB228F69D844EADBBF1FB85351F60856AF85497270D7B19EC1DB10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00143155, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 72COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 71%
                                    			E00143155(void* __ebx, void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _t8;
				intOrPtr _t10;
				int _t11;
				char* _t22;
				void* _t32;
				intOrPtr* _t36;

				_t8 = E001482C8(__ecx, 0x1a, _a8, _a12, 0);
				_t36 = _t8;
				if(_t36 != 0) {
					E00148F8E( *0x14a7f8, _a4, _t32);
					_t10 =  *_t36;
					if(_t10 != 1) {
						if(_t10 == 0) {
							_push(0x1bc1);
							_push( *0x14a7f8);
							_t11 = E00148F8E();
							L8:
							L9:
							return E00148F35(_t11, _t36);
						}
						_t22 = "\n";
						printf(_t22);
						E001428A5(L"    ",  *(_t36 + 4),  *_t36);
						E00148F8E( *0x14a7f8, 0x1b73,  *((intOrPtr*)(_t36 + 8)));
						_t11 = printf(_t22);
						goto L9;
					}
					_push( *( *(_t36 + 4)) & 0x000000ff);
					printf(" %02X");
					_t19 =  *((intOrPtr*)(_t36 + 8));
					if( *((intOrPtr*)(_t36 + 8)) != 0) {
						E00148F8E( *0x14a7f8, 0x1b73, _t19);
					}
					_t11 = printf("\n");
					goto L8;
				}
				return _t8;
			}









                                    0x00143165
                                    0x0014316a
                                    0x0014316e
                                    0x0014317e
                                    0x00143183
                                    0x0014318a
                                    0x001431c8
                                    0x00143205
                                    0x0014320a
                                    0x00143210
                                    0x00143216
                                    0x00143217
                                    0x00000000
                                    0x0014321d
                                    0x001431d1
                                    0x001431d7
                                    0x001431e4
                                    0x001431f7
                                    0x001431fd
                                    0x00000000
                                    0x00143202
                                    0x00143198
                                    0x0014319e
                                    0x001431a0
                                    0x001431a7
                                    0x001431b5
                                    0x001431ba
                                    0x001431c2
                                    0x00000000
                                    0x001431c2
                                    0x00143220

                                    APIs
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 001482FF
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0014832B
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • printf.MSVCRT ref: 0014319E
                                    • printf.MSVCRT ref: 001431C2
                                    • printf.MSVCRT ref: 001431D7
                                    • printf.MSVCRT ref: 001431FD
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$CryptDecodeObject$LoadStringvwprintf
                                    • String ID: $ %02X
                                    • API String ID: 1559741091-2119626176
                                    • Opcode ID: e9f5b9fa33983d5d0d63453d4727e126acedb2cdf8440a6ac9d648194c55912c
                                    • Instruction ID: 4f24c134be36d0f0b260f22e30f06b18f66def74bfeecf24582f6c3facb225c0
                                    • Opcode Fuzzy Hash: e9f5b9fa33983d5d0d63453d4727e126acedb2cdf8440a6ac9d648194c55912c
                                    • Instruction Fuzzy Hash: AF11E73A244215BBDB212F65EC02C6E3BEAFF45B60B160415F620564B1DF72E9D09B51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0014297C, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 53COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E0014297C(intOrPtr _a4, signed char* _a8, signed char* _a12) {
				signed char* _t13;
				signed char* _t21;

				E00148F8E( *0x14a7f8, 0x1b9c, _a4);
				_t13 = _a12;
				if(_t13 != 0) {
					if(__eflags > 0) {
						do {
							_t21 = 4;
							__eflags = _t13 - _t21;
							if(_t13 <= _t21) {
								_t21 = _t13;
							}
							_t13 = _t13 - _t21;
							while(1) {
								__eflags = _t21;
								if(_t21 <= 0) {
									goto L9;
								}
								_push( *_a8 & 0x000000ff);
								printf("%02X");
								_t21 = _t21 - 1;
								_t4 =  &_a8;
								 *_t4 =  &(_a8[1]);
								__eflags =  *_t4;
							}
							L9:
							printf(" ");
							__eflags = _t13;
						} while (_t13 > 0);
					}
				} else {
					_push("<NULL>");
					printf("%s");
				}
				return printf("\n");
			}





                                    0x00142991
                                    0x00142996
                                    0x001429a4
                                    0x001429b6
                                    0x001429b9
                                    0x001429bb
                                    0x001429bc
                                    0x001429be
                                    0x001429c0
                                    0x001429c0
                                    0x001429c2
                                    0x001429da
                                    0x001429da
                                    0x001429dc
                                    0x00000000
                                    0x00000000
                                    0x001429cc
                                    0x001429d2
                                    0x001429d5
                                    0x001429d6
                                    0x001429d6
                                    0x001429d6
                                    0x001429d9
                                    0x001429de
                                    0x001429e3
                                    0x001429e6
                                    0x001429e6
                                    0x001429ea
                                    0x001429a6
                                    0x001429a6
                                    0x001429b0
                                    0x001429b3
                                    0x001429f6

                                    APIs
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • printf.MSVCRT ref: 001429B0
                                    • printf.MSVCRT ref: 001429E3
                                    • printf.MSVCRT ref: 001429F0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf$LoadStringvwprintf
                                    • String ID: %02X$<NULL>
                                    • API String ID: 3594943052-3318528641
                                    • Opcode ID: 8afcae4f5c4c7d1254df4d82f8e00c7b7e3823c13e61fa2e56cf1a96f6b8174f
                                    • Instruction ID: d72a7d324c2613db747ee62050e82a88a65408abcb71c19ed29c5670ccc23c39
                                    • Opcode Fuzzy Hash: 8afcae4f5c4c7d1254df4d82f8e00c7b7e3823c13e61fa2e56cf1a96f6b8174f
                                    • Instruction Fuzzy Hash: 7D012636B40369BAD6206E81EC52D6A7B14FB90BF5F650027FA04064B1DBB258C08660
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 0014900B, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 53%
                                    			E0014900B(struct HINSTANCE__* _a4, int _a8, int _a12, int _a16, int _a20) {

				LoadStringW(_a4, _a8, "CertMgr Succeeded",  *0x14a390);
				LoadStringW(_a4, _a12, 0x14b4d8,  *0x14a390);
				LoadStringW(_a4, _a16, 0x14b0d8,  *0x14a390);
				LoadStringW(_a4, _a20, 0x14bcd8,  *0x14a390);
				_push(0x14bcd8);
				_push(0x14b0d8);
				_push(0x14b4d8);
				return wprintf("CertMgr Succeeded");
			}



                                    0x0014902a
                                    0x0014903d
                                    0x00149051
                                    0x00149065
                                    0x00149067
                                    0x00149068
                                    0x00149069
                                    0x0014907f

                                    APIs
                                    • LoadStringW.USER32(0000177F,0000177E,CertMgr Succeeded,?), ref: 0014902A
                                    • LoadStringW.USER32(0000177F,0000177D,0014B4D8), ref: 0014903D
                                    • LoadStringW.USER32(0000177F,00141936,0014B0D8), ref: 00149051
                                    • LoadStringW.USER32(0000177F,?,0014BCD8), ref: 00149065
                                    • wprintf.MSVCRT ref: 00149073
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString$wprintf
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 698749725-2974366063
                                    • Opcode ID: c645af7ca037d603a9070c780a5232c81979aa3114a49b2c57be905662c74249
                                    • Instruction ID: 214114094dc2e3c1cc5eaf4691797747122e31adc010f82332f8928285e849a6
                                    • Opcode Fuzzy Hash: c645af7ca037d603a9070c780a5232c81979aa3114a49b2c57be905662c74249
                                    • Instruction Fuzzy Hash: 48F01D3658011CBBDF121F81DC85C9B3F2EFF967A57454015FA1811531D73289B2EBA1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001426A9, Relevance: 9.1, APIs: 6, Instructions: 138COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 90%
                                    			E001426A9(signed short* _a4, signed int* _a8, intOrPtr* _a12) {
				intOrPtr* _t21;
				intOrPtr* _t22;
				signed int _t28;
				char _t42;
				signed int _t45;
				signed char _t56;
				signed int* _t59;
				void* _t60;
				void* _t61;
				signed int* _t65;
				void* _t66;
				intOrPtr _t72;
				long _t73;
				long _t75;
				signed int _t77;
				signed short* _t80;
				void* _t81;

				if(_a4 == 0) {
					L27:
					return 0x80070057;
				}
				_t59 = _a8;
				if(_t59 == 0) {
					goto L27;
				}
				_t21 = _a12;
				if(_t21 == 0) {
					goto L27;
				}
				 *_t59 = 0;
				 *_t21 = 0;
				_t22 = _a4;
				_t60 = _t22 + 2;
				do {
					_t72 =  *_t22;
					_t22 = _t22 + 2;
				} while (_t72 != 0);
				if(_t22 - _t60 >> 1 == 0x28) {
					_t77 = E00149241(0x14, 0, 0);
					 *_t59 = _t77;
					if(_t77 == 0) {
						goto L27;
					}
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_a8 = 0;
					_t80 = _a4;
					do {
						_t73 =  *_t80 & 0x0000ffff;
						_t28 = _t73 & 0x0000ffff;
						_t8 = _t28 - 0x30; // -48
						_t61 = _t8;
						if(_t61 > 9 || _t61 < 0) {
							if((towupper(_t73) & 0x0000ffff) - 0x41 < 0 || (towupper( *_t80 & 0x0000ffff) & 0x0000ffff) - 0x41 > 5) {
								goto L24;
							} else {
								_t42 = (towupper( *_t80 & 0x0000ffff) & 0x0000ffff) - 0x37;
								goto L15;
							}
						} else {
							_t42 = _t28 + 0xffffffd0;
							L15:
							_t65 = _a8;
							 *((char*)(_t65 +  *_t59)) = _t42;
							 *( *_t59 + _t65) =  *( *_t59 + _t65) << 4;
							_t75 = _t80[1] & 0x0000ffff;
							_t45 = _t75 & 0x0000ffff;
							_t66 = _t45 - 0x30;
							if(_t66 > 9 || _t66 < 0) {
								if((towupper(_t75) & 0x0000ffff) - 0x41 < 0 || (towupper(_t80[1] & 0x0000ffff) & 0x0000ffff) - 0x41 > 5) {
									L24:
									_t32 =  *_t59;
									_t81 = 0x80070057;
									if( *_t59 != 0) {
										E00148F35(_t32, _t32);
									}
									 *_t59 =  *_t59 & 0x00000000;
									L23:
									return _t81;
								} else {
									_t56 = (towupper(_t80[1] & 0x0000ffff) & 0x0000ffff) - 0x37;
									goto L21;
								}
							} else {
								_t56 = _t45 + 0xffffffd0;
								goto L21;
							}
						}
						L21:
						 *(_a8 +  *_t59) =  *(_a8 +  *_t59) | _t56;
						_a8 =  &(_a8[0]);
						_t80 =  &(_t80[2]);
					} while (_a8 < 0x14);
					_t81 = 0;
					 *_a12 = 0x14;
					goto L23;
				}
				return 0x80004005;
			}




















                                    0x001426b6
                                    0x001427fd
                                    0x00000000
                                    0x001427fd
                                    0x001426bc
                                    0x001426c1
                                    0x00000000
                                    0x00000000
                                    0x001426c7
                                    0x001426cc
                                    0x00000000
                                    0x00000000
                                    0x001426d2
                                    0x001426d4
                                    0x001426d6
                                    0x001426d9
                                    0x001426dc
                                    0x001426dc
                                    0x001426e0
                                    0x001426e1
                                    0x001426ed
                                    0x00142702
                                    0x00142704
                                    0x00142708
                                    0x00000000
                                    0x00000000
                                    0x00142710
                                    0x00142711
                                    0x00142712
                                    0x00142713
                                    0x00142714
                                    0x0014271b
                                    0x0014271e
                                    0x00142721
                                    0x00142721
                                    0x00142724
                                    0x00142727
                                    0x00142727
                                    0x0014272d
                                    0x00142742
                                    0x00000000
                                    0x0014275e
                                    0x00142768
                                    0x00000000
                                    0x00142768
                                    0x00142733
                                    0x00142733
                                    0x0014276b
                                    0x0014276d
                                    0x00142770
                                    0x00142777
                                    0x0014277a
                                    0x0014277e
                                    0x00142781
                                    0x00142787
                                    0x0014279c
                                    0x001427e7
                                    0x001427e7
                                    0x001427e9
                                    0x001427f0
                                    0x001427f3
                                    0x001427f3
                                    0x001427f8
                                    0x001427e3
                                    0x00000000
                                    0x001427b1
                                    0x001427bc
                                    0x00000000
                                    0x001427bc
                                    0x0014278d
                                    0x0014278d
                                    0x00000000
                                    0x0014278d
                                    0x00142787
                                    0x001427bf
                                    0x001427c6
                                    0x001427c8
                                    0x001427cb
                                    0x001427ce
                                    0x001427db
                                    0x001427dd
                                    0x00000000
                                    0x001427dd
                                    0x00000000

                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: towupper$malloc
                                    • String ID:
                                    • API String ID: 655879201-0
                                    • Opcode ID: 926e92ad59ee13d0a3ec5c71e950b574f559e265f75be6130068e98d97349894
                                    • Instruction ID: 4864d5aa9fece393205007e647ada527aabbbb13017ef97aab3e10b75cc9b3f4
                                    • Opcode Fuzzy Hash: 926e92ad59ee13d0a3ec5c71e950b574f559e265f75be6130068e98d97349894
                                    • Instruction Fuzzy Hash: CA4149751001B19BDB188F29CC8093A77E4FF71722B92805AF895CF2A4C738D8C1DB60
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00143E22, Relevance: 9.1, APIs: 6, Instructions: 136timeCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 52%
                                    			E00143E22(short* __edx, void* __edi, FILETIME* _a4) {
				signed int _v8;
				short _v108;
				short _v208;
				struct _SYSTEMTIME _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				signed int _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				struct _FILETIME _v268;
				void* __ebx;
				void* __esi;
				signed int _t38;
				WCHAR* _t43;
				WCHAR* _t65;
				WCHAR* _t69;
				signed int _t72;
				short _t80;
				short _t82;
				void* _t85;
				short* _t87;
				void* _t88;
				signed int _t91;

				_t88 = __edi;
				_t87 = __edx;
				_t38 =  *0x14a078; // 0xa17bec03
				_v8 = _t38 ^ _t91;
				_t90 = _a4;
				 *0x14a870 = 0;
				if(_t90->dwLowDateTime != 0 || _t90->dwHighDateTime != 0) {
					_push(_t88);
					if(LoadStringW( *0x14a7f8, 0x1b9d,  &_v208, 0x32) == 0 || LoadStringW( *0x14a7f8, 0x1b9e,  &_v108, 0x32) == 0) {
						_t43 = 0x14a870;
					} else {
						FileTimeToLocalFileTime(_t90,  &_v268);
						if(FileTimeToSystemTime( &_v268,  &_v224) == 0) {
							_push(_t90->dwLowDateTime);
							_t90 = 0x14a870;
							E0014341A(0x14a870, 0x64,  &_v208,  *0x0014A874);
						} else {
							_v260 = _v224.wSecond & 0x0000ffff;
							_v256 = _v224.wMinute & 0x0000ffff;
							_v252 = _v224.wHour & 0x0000ffff;
							_v248 = _v224.wDay & 0x0000ffff;
							_v244 = (_v224.wMonth & 0x0000ffff) - 1;
							_v240 = (_v224.wYear & 0x0000ffff) - 0x76c;
							_v236 = _v224.wDayOfWeek & 0x0000ffff;
							_v232 = 0;
							_v228 = 0;
							__imp___wasctime( &_v260);
							_t90 = 0x14a870;
							E00143386(0x14a870, 0x64,  &_v260);
							_t65 = 0x14a870;
							_t26 =  &(_t65[1]); // 0x14a872
							_t87 = _t26;
							do {
								_t80 =  *_t65;
								_t65 =  &(_t65[1]);
							} while (_t80 != 0);
							 *((short*)(0x14a86e + (_t65 - _t87 >> 1) * 2)) = 0;
							if(_v224.wMilliseconds != 0) {
								_t69 = 0x14a870;
								_t30 =  &(_t69[1]); // 0x14a872
								_t87 = _t30;
								do {
									_t82 =  *_t69;
									_t69 =  &(_t69[1]);
								} while (_t82 != 0);
								_push(_v224.wMilliseconds & 0x0000ffff);
								_push( &_v108);
								_t72 = _t69 - _t87 >> 1;
								_t85 = 0x64;
								_push(_t85 - _t72);
								_push( &(0x14a870[_t72]));
								E0014341A();
							}
						}
						_t43 = _t90;
					}
					_pop(_t88);
				} else {
					_t90 = 0x14a870;
					LoadStringW( *0x14a7f8, 0x1c0c, 0x14a870, 0x64);
					_t43 = 0x14a870;
				}
				return E001486C7(_t43, 0, _v8 ^ _t91, _t87, _t88, _t90);
			}






























                                    0x00143e22
                                    0x00143e22
                                    0x00143e2d
                                    0x00143e34
                                    0x00143e3b
                                    0x00143e40
                                    0x00143e48
                                    0x00143e6f
                                    0x00143e8e
                                    0x00143fdf
                                    0x00143eaf
                                    0x00143eb7
                                    0x00143ed3
                                    0x00143fbf
                                    0x00143fca
                                    0x00143fd3
                                    0x00143ed9
                                    0x00143ee0
                                    0x00143eed
                                    0x00143efa
                                    0x00143f07
                                    0x00143f15
                                    0x00143f27
                                    0x00143f34
                                    0x00143f41
                                    0x00143f47
                                    0x00143f4d
                                    0x00143f57
                                    0x00143f5d
                                    0x00143f62
                                    0x00143f64
                                    0x00143f64
                                    0x00143f67
                                    0x00143f67
                                    0x00143f6b
                                    0x00143f6c
                                    0x00143f77
                                    0x00143f86
                                    0x00143f88
                                    0x00143f8a
                                    0x00143f8a
                                    0x00143f8d
                                    0x00143f8d
                                    0x00143f91
                                    0x00143f92
                                    0x00143f9e
                                    0x00143fa2
                                    0x00143fa7
                                    0x00143fa9
                                    0x00143fac
                                    0x00143fb4
                                    0x00143fb5
                                    0x00143fba
                                    0x00143f86
                                    0x00143fdb
                                    0x00143fdb
                                    0x00143fe4
                                    0x00143e4f
                                    0x00143e51
                                    0x00143e62
                                    0x00143e68
                                    0x00143e68
                                    0x00143ff2

                                    APIs
                                    • LoadStringW.USER32(00001C0C,0014A870,00000064), ref: 00143E62
                                    • LoadStringW.USER32(00001B9D,?,00000032), ref: 00143E8A
                                    • LoadStringW.USER32(00001B9E,?,00000032), ref: 00143EA5
                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00143EB7
                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00143ECB
                                    • _wasctime.MSVCRT ref: 00143F4D
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Time$FileLoadString$LocalSystem_wasctime
                                    • String ID:
                                    • API String ID: 3399651677-0
                                    • Opcode ID: 1bf916f9a84b58947b35cd5eb8ff7d8bcbe5abe6f58cccb32ae5ec625d9ebf12
                                    • Instruction ID: 5de4727328e9592d4e38f4366f5ca010a8b184d7820083fb95113f8703b604d4
                                    • Opcode Fuzzy Hash: 1bf916f9a84b58947b35cd5eb8ff7d8bcbe5abe6f58cccb32ae5ec625d9ebf12
                                    • Instruction Fuzzy Hash: F15180759402299AEB249F64CC04FF9B7B8EF05700F4140AAF55AE61A0E7749EC5CB61
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00142100, Relevance: 9.1, APIs: 6, Instructions: 89encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • realloc.MSVCRT ref: 0014214C
                                    • CertDuplicateCRLContext.CRYPT32(?), ref: 0014215D
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 0014217C
                                    • CertFreeCRLContext.CRYPT32(?), ref: 001421A1
                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 001421C2
                                    • free.MSVCRT(?), ref: 001421D0
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Context$Free$DuplicateFromStorefreerealloc
                                    • String ID:
                                    • API String ID: 420543247-0
                                    • Opcode ID: dbca81db36ef502832535657eac476ff691f8f9568c278695e10bad823359991
                                    • Instruction ID: 391ae9868b37bd97d1ea63683d770480de9b8334c00715b1ab17d12f6e430bc5
                                    • Opcode Fuzzy Hash: dbca81db36ef502832535657eac476ff691f8f9568c278695e10bad823359991
                                    • Instruction Fuzzy Hash: A131147A900249EFDB219F94C8848ADBBF5FF45754BA1846EFA51A7220C7319EC1DF10
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001440DE, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 121COMMON
                                    Download Yara Rule
                                    APIs
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 001482FF
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0014832B
                                    • printf.MSVCRT ref: 0014412D
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObject$LoadStringprintfvwprintf
                                    • String ID: $%s (%S)$($<NULL>
                                    • API String ID: 3576710509-3389890325
                                    • Opcode ID: 64bd2a59c39da03b81844d99585d45325581a03e9d256f05c020e84d2aacb8bf
                                    • Instruction ID: 117ecc627cbbdb50ea56c6bd576805ddc448c46352fcf8ef0bc4b66a1007c435
                                    • Opcode Fuzzy Hash: 64bd2a59c39da03b81844d99585d45325581a03e9d256f05c020e84d2aacb8bf
                                    • Instruction Fuzzy Hash: 1F31C132544301BFEB212F50EC46EAE37BAEF25751F404129F200250B2EFB6A9C59B22
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00143FFA, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCertificateContextProperties.CRYPT32(?,00000000), ref: 00144008
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000000,00000000,?), ref: 0014404B
                                    • CertGetCertificateContextProperty.CRYPT32(?,00000000,00000000,?), ref: 0014406B
                                    • CertEnumCertificateContextProperties.CRYPT32(?,00000000), ref: 001440C0
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertCertificateContext$EnumPropertiesProperty$LoadStringvwprintf
                                    • String ID:
                                    • API String ID: 1334782540-399585960
                                    • Opcode ID: 22d7cbd596e4cf4f5da20baf9b504cb382461f5c4aa13d8d6605b577da11e92f
                                    • Instruction ID: 0a60cd1bd5f35689b983b2141dc66b16537723f8d82a705f9e0f7d7ca1f2d0fb
                                    • Opcode Fuzzy Hash: 22d7cbd596e4cf4f5da20baf9b504cb382461f5c4aa13d8d6605b577da11e92f
                                    • Instruction Fuzzy Hash: 5921A176900118FFDB207F90DC81DEF7A6EEF113A47010029F61463071EB724ED09661
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00142F08, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 82COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 39%
                                    			E00142F08(void* __ecx, void* __esi, intOrPtr* _a4, char _a8) {
				void* __ebx;
				intOrPtr* _t19;
				char* _t28;
				intOrPtr _t30;
				intOrPtr* _t38;
				intOrPtr* _t40;
				void* _t42;

				_t30 = 0;
				_t19 = E001482C8(__ecx, 0xb, _a4, _a8, 0);
				_t38 = _t19;
				if(_t38 != 0) {
					_push(0x1beb);
					_push( *0x14a7f8);
					_t20 = E00148F8E();
					if( *_t38 == 0) {
						L11:
						if( *((intOrPtr*)(_t38 + 8)) != 0) {
							_push(0x1bed);
							_push( *0x14a7f8);
							_a8 =  *((intOrPtr*)( *((intOrPtr*)(_t38 + 0xc))));
							E00148F8E();
							_t20 = E00142E33(_t30, _a8);
						}
						return E00148F35(_t20, _t38);
					}
					_t20 = E00148F8E( *0x14a7f8, 0x1bec, __esi);
					_t40 =  *((intOrPtr*)(_t38 + 4));
					_a8 = 0;
					if( *_t38 <= 0) {
						L10:
						goto L11;
					} else {
						goto L3;
					}
					do {
						L3:
						_t30 = 0;
						if( *_t40 == 0) {
							_push("<NULL>");
							_push(_a8);
							printf("     [%d,*] %s\n");
							_t42 = _t42 + 0xc;
						}
						_a4 =  *((intOrPtr*)(_t40 + 4));
						if( *_t40 > 0) {
							do {
								_t28 =  *_a4;
								if(_t28 == 0) {
									_t28 = "<NULL>";
								}
								_push(_t28);
								_push(_t30);
								_push(_a8);
								printf("     [%d,%d] %s\n");
								_a4 = _a4 + 4;
								_t42 = _t42 + 0x10;
								_t30 = _t30 + 1;
							} while (_t30 <  *_t40);
						}
						_a8 = _a8 + 1;
						_t20 = _a8;
						_t40 = _t40 + 8;
					} while (_a8 <  *_t38);
					goto L10;
				}
				return _t19;
			}










                                    0x00142f0f
                                    0x00142f1a
                                    0x00142f1f
                                    0x00142f23
                                    0x00142f29
                                    0x00142f2e
                                    0x00142f34
                                    0x00142f3d
                                    0x00142fbb
                                    0x00142fbf
                                    0x00142fc6
                                    0x00142fcb
                                    0x00142fd1
                                    0x00142fd4
                                    0x00142fde
                                    0x00142fde
                                    0x00000000
                                    0x00142fe4
                                    0x00142f4b
                                    0x00142f50
                                    0x00142f55
                                    0x00142f5a
                                    0x00142fba
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00000000
                                    0x00142f5c
                                    0x00142f5c
                                    0x00142f5c
                                    0x00142f60
                                    0x00142f62
                                    0x00142f67
                                    0x00142f6f
                                    0x00142f75
                                    0x00142f75
                                    0x00142f7e
                                    0x00142f81
                                    0x00142f83
                                    0x00142f86
                                    0x00142f8a
                                    0x00142f8c
                                    0x00142f8c
                                    0x00142f91
                                    0x00142f92
                                    0x00142f93
                                    0x00142f9b
                                    0x00142fa1
                                    0x00142fa5
                                    0x00142fa8
                                    0x00142fa9
                                    0x00142f83
                                    0x00142fad
                                    0x00142fb0
                                    0x00142fb3
                                    0x00142fb6
                                    0x00000000
                                    0x00142f5c
                                    0x00142fec

                                    APIs
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 001482FF
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0014832B
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • printf.MSVCRT ref: 00142F6F
                                    • printf.MSVCRT ref: 00142F9B
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObjectprintf$LoadStringvwprintf
                                    • String ID: [%d,%d] %s$ [%d,*] %s$<NULL>
                                    • API String ID: 3954790218-3661550745
                                    • Opcode ID: 06b6ac7abad6689e98150f2b929dc53bafa74392ac6a13e3ee75c6e4d941bce9
                                    • Instruction ID: a674c7f8145da7457c556cc711d616f1c83b3bafbbe48f68a2112d13b8fcecc0
                                    • Opcode Fuzzy Hash: 06b6ac7abad6689e98150f2b929dc53bafa74392ac6a13e3ee75c6e4d941bce9
                                    • Instruction Fuzzy Hash: 9321FF39208205FFDB116FA4DC81DADBBB5FF10761BA18029F9184A271D771ADD4CB51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00141CD9, Relevance: 7.6, APIs: 5, Instructions: 91encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,00000000,?), ref: 00141D0D
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,00000000,?), ref: 00141D2F
                                    • CertGetCRLContextProperty.CRYPT32(?,00000003,00000000,?), ref: 00141D50
                                    • CertGetCRLFromStore.CRYPT32(?,00000000,?,?), ref: 00141D79
                                    • CertFreeCRLContext.CRYPT32(?), ref: 00141DAB
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$Context$FromPropertyStore$Free
                                    • String ID:
                                    • API String ID: 1268920413-0
                                    • Opcode ID: dbaa607db718cb683eb79309d69281d689c68602b0e145c9dfd4c6656926eebb
                                    • Instruction ID: 75f60c2de457b63ab7020de47f21c6914160ad779e5c1ba2a5f90eb6e13cbda3
                                    • Opcode Fuzzy Hash: dbaa607db718cb683eb79309d69281d689c68602b0e145c9dfd4c6656926eebb
                                    • Instruction Fuzzy Hash: BD31B2B5D01229FBCB21DBA5CD489EEBBBAEF48760F144466A815A2120D7309E81DB90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00141C45, Relevance: 7.6, APIs: 5, Instructions: 61encryptionCOMMON
                                    Download Yara Rule
                                    APIs
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00141C82
                                    • CertSetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000,00000000), ref: 00141C97
                                    • CertSetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000,?), ref: 00141CA6
                                    • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 00141CB0
                                    • CertFreeCertificateContext.CRYPT32(00000000), ref: 00141CC4
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: Cert$CertificateContext$CertificatesEnumPropertyStore$Free
                                    • String ID:
                                    • API String ID: 1316045383-0
                                    • Opcode ID: 7c463a4ca33b2eece0c5841e0e424ef42c76d4e1b894503417202f1faa6cd6ff
                                    • Instruction ID: 934eeea5361d2dfb8fc13bbb6775b6d8d5aaaba6085e84a21eac28ace07e5488
                                    • Opcode Fuzzy Hash: 7c463a4ca33b2eece0c5841e0e424ef42c76d4e1b894503417202f1faa6cd6ff
                                    • Instruction Fuzzy Hash: 26110836540205BBD7228B58DC85FAE77B9EB85740F154025E504E72A0EB74DE819B50
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00148CA1, Relevance: 7.5, APIs: 5, Instructions: 49timethreadCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 100%
                                    			E00148CA1() {
				struct _FILETIME _v12;
				signed int _v16;
				union _LARGE_INTEGER _v20;
				signed int _t14;
				signed int _t16;
				signed int _t17;
				signed int _t18;
				signed int _t22;
				signed int _t23;
				signed int _t32;

				_t14 =  *0x14a078; // 0xa17bec03
				_v12.dwLowDateTime = _v12.dwLowDateTime & 0x00000000;
				_v12.dwHighDateTime = _v12.dwHighDateTime & 0x00000000;
				if(_t14 == 0xbb40e64e || (0xffff0000 & _t14) == 0) {
					GetSystemTimeAsFileTime( &_v12);
					_t16 = GetCurrentProcessId();
					_t17 = GetCurrentThreadId();
					_t18 = GetTickCount();
					QueryPerformanceCounter( &_v20);
					_t22 = _v16 ^ _v20.LowPart;
					_t32 = _v12.dwHighDateTime ^ _v12.dwLowDateTime ^ _t16 ^ _t17 ^ _t18 ^ _t22;
					if(_t32 == 0xbb40e64e || ( *0x14a078 & 0xffff0000) == 0) {
						_t32 = 0xbb40e64f;
					}
					 *0x14a078 = _t32;
					 *0x14a07c =  !_t32;
					return _t22;
				} else {
					_t23 =  !_t14;
					 *0x14a07c = _t23;
					return _t23;
				}
			}













                                    0x00148ca9
                                    0x00148cae
                                    0x00148cb2
                                    0x00148cc4
                                    0x00148cd8
                                    0x00148ce4
                                    0x00148cec
                                    0x00148cf4
                                    0x00148d00
                                    0x00148d09
                                    0x00148d0c
                                    0x00148d10
                                    0x00148d1a
                                    0x00148d1a
                                    0x00148d1f
                                    0x00148d27
                                    0x00000000
                                    0x00148cca
                                    0x00148cca
                                    0x00148ccc
                                    0x00000000
                                    0x00148ccc

                                    APIs
                                    • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00148CD8
                                    • GetCurrentProcessId.KERNEL32 ref: 00148CE4
                                    • GetCurrentThreadId.KERNEL32 ref: 00148CEC
                                    • GetTickCount.KERNEL32 ref: 00148CF4
                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00148D00
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                    • String ID:
                                    • API String ID: 1445889803-0
                                    • Opcode ID: 53eb7a223d1a70c2c747d351e877e8f1d51e1d0dfa78f3eb1296f24cc8462f23
                                    • Instruction ID: c011aa9772f880d4ec009bd882a5455c050100a9accc3b0e0223c259ea9b6454
                                    • Opcode Fuzzy Hash: 53eb7a223d1a70c2c747d351e877e8f1d51e1d0dfa78f3eb1296f24cc8462f23
                                    • Instruction Fuzzy Hash: 3801847AD00214ABCB209FF8E84869EBBF8EF49351F560511F901E7530EB305DC48B90
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001444A1, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 74COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 40%
                                    			E001444A1(intOrPtr _a4, signed int _a8) {
				intOrPtr* _v8;
				void* __ecx;
				intOrPtr* _t15;
				int _t16;
				intOrPtr _t21;
				void* _t24;
				intOrPtr* _t33;
				intOrPtr _t35;
				signed int _t36;
				signed int _t37;
				void* _t38;
				intOrPtr* _t39;
				void* _t41;

				_push(_t24);
				_t15 = E001482C8(_t24, 0x2a, _a4, _a8, 0);
				_t33 = _t15;
				_v8 = _t33;
				if(_t33 != 0) {
					_t21 =  *_t33;
					_t39 =  *((intOrPtr*)(_t33 + 4));
					_a4 = _t21;
					_t16 = E00148F8E( *0x14a7f8, 0x1bc0, _t38);
					if(_t21 == 0) {
						_push(0x1bc1);
						_push( *0x14a7f8);
						_t16 = E00148F8E();
					}
					_a8 = _a8 & 0x00000000;
					if(_t21 > 0) {
						do {
							_t35 =  *_t39;
							_push(E00143272(_t16, _t35, 0));
							_push(_t35);
							_t36 = _a8;
							_push(_t36);
							printf("    [%d] %s (%S)");
							_t41 = _t41 + 0x10;
							if( *((intOrPtr*)(_t39 + 4)) == 0) {
								_t16 = printf("\n");
							} else {
								_push(0x1b64);
								_push( *0x14a7f8);
								E00148F8E();
								_t16 = E001428A5(L"      ",  *((intOrPtr*)(_t39 + 8)),  *((intOrPtr*)(_t39 + 4)));
							}
							_t37 = _t36 + 1;
							_t39 = _t39 + 0xc;
							_a8 = _t37;
						} while (_t37 < _a4);
						_t33 = _v8;
					}
					_t15 = E00148F35(_t16, _t33);
				}
				return _t15;
			}
















                                    0x001444a6
                                    0x001444b2
                                    0x001444b7
                                    0x001444b9
                                    0x001444be
                                    0x001444c5
                                    0x001444c8
                                    0x001444d6
                                    0x001444d9
                                    0x001444e2
                                    0x001444e4
                                    0x001444e9
                                    0x001444ef
                                    0x001444f5
                                    0x001444f6
                                    0x001444fc
                                    0x00144504
                                    0x00144504
                                    0x0014450e
                                    0x0014450f
                                    0x00144510
                                    0x00144513
                                    0x00144519
                                    0x0014451b
                                    0x00144522
                                    0x0014454d
                                    0x00144524
                                    0x00144524
                                    0x00144529
                                    0x0014452f
                                    0x00144541
                                    0x00144541
                                    0x00144550
                                    0x00144551
                                    0x00144554
                                    0x00144557
                                    0x0014455c
                                    0x0014455c
                                    0x00144560
                                    0x00144566
                                    0x00144569

                                    APIs
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 001482FF
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0014832B
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • printf.MSVCRT ref: 00144519
                                    • printf.MSVCRT ref: 0014454D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CryptDecodeObjectprintf$LoadStringvwprintf
                                    • String ID: $ [%d] %s (%S)
                                    • API String ID: 3954790218-4092857480
                                    • Opcode ID: 636d8be3ba7a0ed700a211afb33288d0d9ba9fc3a9d3cc844f0ce34c9d04c3a7
                                    • Instruction ID: 45c70b0e6f6d6e1dbf915b4556fba39b97ee78b775c31999b78e8db57dd846de
                                    • Opcode Fuzzy Hash: 636d8be3ba7a0ed700a211afb33288d0d9ba9fc3a9d3cc844f0ce34c9d04c3a7
                                    • Instruction Fuzzy Hash: 8311E43A640300FBEB106F54DC42FAD77B6FF85720F258019FA142B1B0DB75A9818B51
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00148FC0, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 29COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 68%
                                    			E00148FC0(struct HINSTANCE__* _a4, int _a8, int _a12) {

				LoadStringW(_a4, _a8, 0x14acd8,  *0x14a390);
				LoadStringW(_a4, _a12, 0x14b4d8,  *0x14a390);
				_push(0x14b4d8);
				return wprintf(0x14acd8);
			}



                                    0x00148fe0
                                    0x00148ff4
                                    0x00148ff6
                                    0x00149003

                                    APIs
                                    • LoadStringW.USER32(00001BB1,0014585D,CertMgr Succeeded,-00001BAE), ref: 00148FE0
                                    • LoadStringW.USER32(00001BB1,?,0014B4D8), ref: 00148FF4
                                    • wprintf.MSVCRT ref: 00148FF8
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString$wprintf
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 698749725-2974366063
                                    • Opcode ID: 47d31c3f853cad9c4ae08c586036fca154ef83599364c8284f21659b63f22b3d
                                    • Instruction ID: 9ec1103987a3a93dc635b4954b71e10edb222189cb513835ebb98278a566e78a
                                    • Opcode Fuzzy Hash: 47d31c3f853cad9c4ae08c586036fca154ef83599364c8284f21659b63f22b3d
                                    • Instruction Fuzzy Hash: 57E04F3B144258BF9B121F52EC44C5B3F6EFBD67B4715402AFA18126319B329C61EBA0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00142A90, Relevance: 6.1, APIs: 4, Instructions: 77encryptionCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 43%
                                    			E00142A90(void* __ebx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				void* __ecx;
				intOrPtr* _t9;
				intOrPtr _t18;
				void* _t22;
				void* _t24;
				intOrPtr* _t33;
				intOrPtr _t34;
				intOrPtr* _t36;

				_push(_t24);
				_v8 = 0;
				_t9 = E001482C8(_t24, 6, _a4, _a8, 0);
				_t36 = _t9;
				if(_t36 == 0) {
					L9:
					return _t9;
				}
				E00148F8E( *0x14a7f8, 0x1bc4, __ebx);
				_t33 = __imp__CertRDNValueToStrW;
				_t4 = _t36 + 4; // 0x4
				_t22 =  *_t33( *_t36, _t4, 0, 0);
				if(_t22 > 1) {
					_t18 = E00149241(_t22 + _t22, 0, 0);
					_v8 = _t18;
					if(_t18 != 0) {
						_t7 = _t36 + 4; // 0x4
						 *_t33( *_t36, _t7, _t18, _t22);
					}
				}
				E00148F8E( *0x14a7f8, 0x1bc5,  *_t36);
				_t34 = _v8;
				if(_t34 == 0) {
					_push(0x1b58);
					_push( *0x14a7f8);
					E00148F8E();
				} else {
					_push(_t34);
					wprintf(L"%s");
				}
				_t9 = E00148F35(printf("\n"), _t36);
				if(_t34 != 0) {
					_t9 = E00148F35(_t9, _t34);
				}
				goto L9;
			}












                                    0x00142a95
                                    0x00142a9e
                                    0x00142aa6
                                    0x00142aab
                                    0x00142aaf
                                    0x00142b56
                                    0x00142b59
                                    0x00142b59
                                    0x00142ac1
                                    0x00142aca
                                    0x00142ad0
                                    0x00142ad8
                                    0x00142add
                                    0x00142ae7
                                    0x00142aec
                                    0x00142af1
                                    0x00142af5
                                    0x00142afb
                                    0x00142afb
                                    0x00142af1
                                    0x00142b0a
                                    0x00142b0f
                                    0x00142b18
                                    0x00142b28
                                    0x00142b2d
                                    0x00142b33
                                    0x00142b1a
                                    0x00142b1a
                                    0x00142b20
                                    0x00142b20
                                    0x00142b47
                                    0x00142b4e
                                    0x00142b51
                                    0x00142b51
                                    0x00000000

                                    APIs
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,?), ref: 001482FF
                                      • Part of subcall function 001482C8: CryptDecodeObject.CRYPT32(00010001,?,?,?,00000001,00000000,12345678), ref: 0014832B
                                      • Part of subcall function 00148F8E: LoadStringW.USER32(?,00141A8A,CertMgr Succeeded,00000000), ref: 00148FA6
                                      • Part of subcall function 00148F8E: vwprintf.MSVCRT ref: 00148FB1
                                    • CertRDNValueToStrW.CRYPT32(00000000,00000004,00000000,00000000), ref: 00142AD6
                                    • CertRDNValueToStrW.CRYPT32(00000000,00000004,00000000,00000000), ref: 00142AFB
                                    • wprintf.MSVCRT ref: 00142B20
                                    • printf.MSVCRT ref: 00142B3F
                                      • Part of subcall function 00149241: malloc.MSVCRT ref: 0014924A
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: CertCryptDecodeObjectValue$LoadStringmallocprintfvwprintfwprintf
                                    • String ID:
                                    • API String ID: 626385143-0
                                    • Opcode ID: 0789f01f4faa461c3d850a507a1cb41bd879241fef90b238a08fcbd2c8de38d7
                                    • Instruction ID: 5e384b3b5206f0785af23eb8a7a5767de05293d4771d29c06478b0e89283444d
                                    • Opcode Fuzzy Hash: 0789f01f4faa461c3d850a507a1cb41bd879241fef90b238a08fcbd2c8de38d7
                                    • Instruction Fuzzy Hash: B7118136540605BAE7316F61DC0AE9F7BBEEFD1B50B250019F910970B0EF72ADC19661
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00149192, Relevance: 6.1, APIs: 4, Instructions: 62fileCOMMON
                                    Download Yara Rule
                                    C-Code - Quality: 62%
                                    			E00149192(void* __eax, void* __ecx, intOrPtr _a4, void* _a8, long _a12) {
				long _v8;
				signed int _t12;
				signed int _t16;
				signed int _t18;
				void* _t22;
				signed int _t30;

				_v8 = 0;
				if(_a4 == 0 || _a8 == 0 || _a12 == 0) {
					_t12 = 0x80070057;
				} else {
					_push(0);
					_push(0);
					_push(2);
					_push(0);
					_push(0);
					_push(0x40000000);
					_push(_a4);
					E00149349();
					_t22 = __eax;
					if(__eax != 0xffffffff) {
						if(WriteFile(__eax, _a8, _a12,  &_v8, 0) != 0) {
							asm("sbb esi, esi");
							_t30 =  ~(_v8 - _a12) & 0x80004005;
						} else {
							_t16 = GetLastError();
							if(_t16 > 0) {
								_t16 = _t16 & 0x0000ffff | 0x80070000;
							}
							_t30 = _t16;
						}
						CloseHandle(_t22);
					} else {
						_t18 = GetLastError();
						if(_t18 > 0) {
							_t18 = _t18 & 0x0000ffff | 0x80070000;
						}
						_t30 = _t18;
					}
					_t12 = _t30;
				}
				return _t12;
			}









                                    0x0014919b
                                    0x001491a1
                                    0x00149232
                                    0x001491b5
                                    0x001491b6
                                    0x001491b7
                                    0x001491b8
                                    0x001491ba
                                    0x001491bb
                                    0x001491bc
                                    0x001491c1
                                    0x001491c4
                                    0x001491c9
                                    0x001491ce
                                    0x001491fc
                                    0x0014921e
                                    0x00149220
                                    0x001491fe
                                    0x001491fe
                                    0x00149206
                                    0x0014920d
                                    0x0014920d
                                    0x00149212
                                    0x00149212
                                    0x00149227
                                    0x001491d0
                                    0x001491d0
                                    0x001491d8
                                    0x001491df
                                    0x001491df
                                    0x001491e4
                                    0x001491e4
                                    0x0014922d
                                    0x0014922f
                                    0x00149239

                                    APIs
                                    • GetLastError.KERNEL32(?,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00000001,00000000,?,00147811,00000000,00000000), ref: 001491D0
                                    • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,40000000,00000000,00000000,00000002,00000000,00000000,00000000,00000001,00000000), ref: 001491F4
                                    • GetLastError.KERNEL32(?,00147811,00000000,00000000), ref: 001491FE
                                    • CloseHandle.KERNEL32(00000000,?,00147811,00000000,00000000), ref: 00149227
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: ErrorLast$CloseFileHandleWrite
                                    • String ID:
                                    • API String ID: 2639859636-0
                                    • Opcode ID: a94e639cc57c228204b5929be0e47f2c8795c833f7eb88f8d37921a1b624146c
                                    • Instruction ID: 765d14847d1962d061e874935c041f098ae8ed58974731cac6fe37906b670ccd
                                    • Opcode Fuzzy Hash: a94e639cc57c228204b5929be0e47f2c8795c833f7eb88f8d37921a1b624146c
                                    • Instruction Fuzzy Hash: 7611A032941025FBCB308F65DC09EAF7A28EF46FA0F254225F915E64A0D3748E40D7D0
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00144FD3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: printf
                                    • String ID: $%s
                                    • API String ID: 3524737521-1620431320
                                    • Opcode ID: dab1eddb6d0cc7186ccdb571bcbdf7c9c7a7aa4e4495eeaed63b960ff811c7ca
                                    • Instruction ID: 9e3b78a7f7867f1e2cbddb3affb15d02577a0603016007f9caf946a1758e3b7c
                                    • Opcode Fuzzy Hash: dab1eddb6d0cc7186ccdb571bcbdf7c9c7a7aa4e4495eeaed63b960ff811c7ca
                                    • Instruction Fuzzy Hash: 2E11B23A588700FFE7252F80EC12C697BB7FF15B11712401AF3561A4F1EB6215D2AB82
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001450E4, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                    Download Yara Rule
                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: wprintf
                                    • String ID: $%s
                                    • API String ID: 3614878089-1620431320
                                    • Opcode ID: c2bb21fc1550cc30990e20b21052b8c68049edc52126f029512ea5ec957e219a
                                    • Instruction ID: ef06c980e3815e7c9b9c7117ed0ce70ae1d5b90e75cb9facc0633f727df51902
                                    • Opcode Fuzzy Hash: c2bb21fc1550cc30990e20b21052b8c68049edc52126f029512ea5ec957e219a
                                    • Instruction Fuzzy Hash: 7601F436240B04FBDB245B40ED02EAA77EBEB14F50B190019F202528F2EF72A980D7A1
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 001452CB, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 89%
                                    			E001452CB(intOrPtr* _a4, intOrPtr _a8) {
				void* __edi;
				intOrPtr* _t4;
				void* _t6;
				intOrPtr _t9;
				intOrPtr _t10;

				_t4 = _a4;
				_t10 =  *((intOrPtr*)(_t4 + 4));
				_t9 =  *_t4;
				_t6 = 0;
				if(_t9 > 0) {
					do {
						_push(_t6);
						wprintf(L"    [%d] ");
						_t4 = E00144FD3(_t9, _t10, _a8);
						_t6 = _t6 + 1;
						_t10 = _t10 + 0xc;
					} while (_t6 < _t9);
				}
				return _t4;
			}








                                    0x001452d0
                                    0x001452d5
                                    0x001452d9
                                    0x001452db
                                    0x001452df
                                    0x001452e1
                                    0x001452e1
                                    0x001452e7
                                    0x001452f3
                                    0x001452f8
                                    0x001452f9
                                    0x001452fc
                                    0x001452e1
                                    0x00145304

                                    APIs
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: wprintf
                                    • String ID: [%d] $1.3.6.1.4.1.311.10.2
                                    • API String ID: 3614878089-3478931004
                                    • Opcode ID: 0625b2eae6f8fd9ba8ed9c93ebfa619e0ca585977679011d9ac6cfc51f008ec4
                                    • Instruction ID: 443ab6c67106c0d10a9dd3ec0fdb0ff9c12e457d0ef03f2cab0143cd043c5ad0
                                    • Opcode Fuzzy Hash: 0625b2eae6f8fd9ba8ed9c93ebfa619e0ca585977679011d9ac6cfc51f008ec4
                                    • Instruction Fuzzy Hash: B1E02637100718BF87001BC8EC80CDBB35EEBC97703264023FA19571208BB2BC4243A4
                                    Uniqueness

                                    Uniqueness Score: -1.00%

                                    Function 00148F52, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                    Download Yara Rule
                                    C-Code - Quality: 64%
                                    			E00148F52(struct HINSTANCE__* _a4, intOrPtr _a8, int _a12) {
				signed int _t4;

				_t4 = LoadStringW(_a4, _a12, 0x14acd8,  *0x14a390);
				if(_t4 != 0) {
					_push(0x14acd8);
					_push(_a8);
					L00149332();
					return _t4;
				}
				return _t4 | 0xffffffff;
			}




                                    0x00148f6a
                                    0x00148f72
                                    0x00148f79
                                    0x00148f7a
                                    0x00148f7d
                                    0x00000000
                                    0x00148f83
                                    0x00000000

                                    APIs
                                    • LoadStringW.USER32(?,?,CertMgr Succeeded,?), ref: 00148F6A
                                    • _wcsicmp.MSVCRT ref: 00148F7D
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000018.00000002.739539851.0000000000141000.00000020.00020000.sdmp, Offset: 00140000, based on PE: true
                                    • Associated: 00000018.00000002.739531085.0000000000140000.00000002.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739559790.000000000014A000.00000004.00020000.sdmp Download File
                                    • Associated: 00000018.00000002.739571302.000000000014D000.00000002.00020000.sdmp Download File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_24_2_140000_CertMgr.jbxd
                                    Similarity
                                    • API ID: LoadString_wcsicmp
                                    • String ID: CertMgr Succeeded
                                    • API String ID: 129124420-2974366063
                                    • Opcode ID: 9dd752df89adf6809676b7c3eacc29b5217cc907d4f53ce2df5d2a87172974c4
                                    • Instruction ID: 65f6fbc2e872ed7f2bbedd1ad7d8b343817d73fc1e35ba1f9612a6065ad48106
                                    • Opcode Fuzzy Hash: 9dd752df89adf6809676b7c3eacc29b5217cc907d4f53ce2df5d2a87172974c4
                                    • Instruction Fuzzy Hash: B1E0C232048218BB9B215F22EC08CCB3F5EFF133B07154225F828405B0DB328860E690
                                    Uniqueness

                                    Uniqueness Score: -1.00%